Add support for configuring KDC certs for PKINIT

This patch adds support only for the selfsign case. Replica support is also still missing at this stage.
author: Simo Sorce <ssorce@redhat.com> 2010-10-29 16:23:21 -0400
committer: Simo Sorce <ssorce@redhat.com> 2010-11-18 15:09:36 -0500
commit: 52a46d121bf760f6beca4622ace0a4554a679c3c (patch)
tree: 550a2bddf9ab3848da9ab33ca73529060b9e4c68 /install/share/kdc.conf.template
parent: 74ba0cc7c1bdb9c560324a68c16593755bcda5d8 (diff)
download: freeipa-52a46d121bf760f6beca4622ace0a4554a679c3c.tar.gz
freeipa-52a46d121bf760f6beca4622ace0a4554a679c3c.tar.xz
freeipa-52a46d121bf760f6beca4622ace0a4554a679c3c.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 4a2cca412..f8e07c77b 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -12,4 +12,6 @@
   dict_file = /usr/share/dict/words
   default_principal_flags = +preauth
 ;  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+  pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
+  pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
  }
author	Simo Sorce <ssorce@redhat.com>	2010-10-29 16:23:21 -0400
committer	Simo Sorce <ssorce@redhat.com>	2010-11-18 15:09:36 -0500
commit	52a46d121bf760f6beca4622ace0a4554a679c3c (patch)
tree	550a2bddf9ab3848da9ab33ca73529060b9e4c68 /install/share/kdc.conf.template
parent	74ba0cc7c1bdb9c560324a68c16593755bcda5d8 (diff)
download	freeipa-52a46d121bf760f6beca4622ace0a4554a679c3c.tar.gz freeipa-52a46d121bf760f6beca4622ace0a4554a679c3c.tar.xz freeipa-52a46d121bf760f6beca4622ace0a4554a679c3c.zip