Re: help with OTP

2023-05-01 Thread Ken Hornstein via Kerberos
>Anonymous PKINIT works fine but requires certs to be distributed. Unless
>you're prepared to update every machine in the world every year, you
>pretty much have to use a cert that goes back to a commercial CA.

At least for us, we already did that hard work and have PKINIT already working within t

Re: help with OTP

2023-05-01 Thread Russ Allbery
Charles Hedrick writes:

> Anonymous PKINIT works fine but requires certs to be distributed. Unless
> you're prepared to update every machine in the world every year, you
> pretty much have to use a cert that goes back to a commercial CA.

Because you have to distribute the certs to the client any

Re: help with OTP

2023-05-01 Thread Charles Hedrick via Kerberos
Anonymous PKINIT works fine but requires certs to be distributed. Unless you're prepared to update every machine in the world every year, you pretty much have to use a cert that goes back to a commercial CA. But in that case you probably have to use the obscurely documented pkinit_eku_checkin