On Fri, Jul 21, 2017 at 12:42:38PM -0700, Russ Allbery wrote:
>
> Yeah, if you're worried about portable keys, that's when you probably want
> to do something with a system TPM. If you go down that path, I'd probably
> try to figure out some way to do PKINIT using a TLS certificate stored in
> th
HI!
I've read through kadm5.acl(5):
http://web.mit.edu/kerberos/www/krb5-latest/doc/admin/conf_files/kadm5_acl.html
I'm investigating the possibility to auto-generate kadm5.acl based on access
control
rules defined my LDAP directory (with rather complex entity relationships).
Are there more co
