On 28/3/23 09:24, Ken Hornstein wrote:
You can specify the certificate exactly on the 'kinit' command line
with the "-X X509_user_identity" option (this has the same format
as the pkinit_identities option in krb5.conf). Now this option isn't
supported for kadmin, but you can do:
% kinit -X
Dear kerberos community,
I've set up a very small MIT Kerberos installation for my own use, with
MIT Kerberos under Linux. In experimenting with the PKINIT
configuration, I have essentially followed the MIT Kerberos
documentation (using openssl to generate keys and certificates), and
reached