On Mon, Dec 07, 2009 at 05:59:25PM +0000, Darren Moffat wrote: > I believe we are still waiting on a final spec for this case. > > Specifically is the intent to add a 'pkinit' module option to the existing > pam_krb5 module or add a pam_krb5_pkinit module.
Right, sorry for the delay (was on vacation). I'll update the spec taking the "pkinit" module option approach which is preferable over the pam_krb5_pkinit approach of creating a new PAM module to do PKINIT for the reasons mentioned earlier in this discussion. -- Will Fiveash Sun Microsystems Inc. http://opensolaris.org/os/project/kerberos/ Sent from mutt, a sweet ASCII MUA
