Hi Jiajia, Finally digging into the pkinit support in ernest. I've checked out the pkinit-support branch and built it successfully. Saw the WithCertKdcTest.testKdc test method and uncommented out the @Test so I could start running the test. This helped to show some of the pieces that are missing.
Do you have a list of what's working and what isn't? Also, do you have any writeup on the intended design? For example, on the client side I see subclasses for each preauth type (AsRequestWithCert, AsRequestWithPassword, etc.) but on the server side there is just the server.request.AsRequest class that appears to be handling multiple preauth types. Also, I see the PkinitPreauth class that isn't hooked into the default server. Is the intent that it eventually will be? Or is PKINIT support something that will need to be configured in. Thanks. Tom
