On Wed, Apr 26, 2023 at 11:41 AM Matt Zagrabelny <mzagr...@d.umn.edu> wrote:
> On Wed, Apr 26, 2023 at 11:29 AM Ken Hornstein <k...@cmf.nrl.navy.mil> > wrote: > > > > It does occur to me a useful addition to kinit might be a flag that > > means "authenticate using anonymous PKINIT and then use those > > credentials as a FAST armour credential cache" so you wouldn't have > > to muck around with juggling credential caches. > > That would be great and would eliminate an impending shell alias for me: > > alias kinit-otp='kinit -n -c /tmp/somecache; kinit -T /tmp/somecache' > Krb5 devs, Any thoughts about extending kinit to natively perform the two step process in the alias above? (And also have an option in /etc/krb5.conf so that it is "on" by default?) Maybe: kinit --anonymous-cache-credentials [libdefaults] anonymous-cache-credentials = true Thanks for the consideration! -m ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos