I've been experimenting with pkinit, and was wondering if there is a way to also require the normal kerberos password as well as using a certificate file. I prefer not to trust the cert alone, but would also like something more than a password. I can ask people to password protect their cert key, and that works, but is unenforceable.
I'd really like to avoid shunting some kind of preauth to yet another authentication system if possible. Is it possible to do what I described, or is there a better way? Cheers, Chris ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
