>Is it possible to check if a certificate is revoked against a URL in MIT KDC?
Currently the answer is 'no' with the MIT implementation. We have code here at NRL which does that (I'm assuming you mean checking using OCSP), and it's pretty straightforward. It's on my medium term to-do list to contribute that code to MIT for inclusion their pkinit plugin, but sadly I've been busy with other things. --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos