Nico Williams <[email protected]> writes: > As Geoff explained in his reply, the idea is that the KDC can synthesize > a KDB entry for any principal that doesn't exist in the KDB but for > which a client certificate is presented (with a PKINIT SAN, issued by a > CA trusted for that and the realm in question) and issue a ticket.
Ah, yes, right, of course. I had completely forgotten about that. -- Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
