Hello everyone, We're currently deploying several MIT Kerberos infrastructures (e.g. : realms - JCE.POD & LJK.DEV) in our organization.
Now, we want to authenticate users (e.g. : ause...@jce.pod & ause...@ljk.dev) with a unique user certificate (X509) thanks to PKINIT. So I followed this doc : http://web.mit.edu/kerberos/krb5-1.11/doc/admin/pkinit.html But, with this solution, we have two problems : - We have to define the REALM and the CLIENT in the client certificate and our PKI doesn't deliver this type of certificate with this extension. - We would like a unique user certificate to authenticate users in all our differents realms, so we can't add the REALM in the certificate. Can we use the attribute Subject (e.g. : AUserID) without use the certificate extension ? Thank you for your help. Marsip. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos