From 52a46d121bf760f6beca4622ace0a4554a679c3c Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 29 Oct 2010 16:23:21 -0400
Subject: Add support for configuring KDC certs for PKINIT

This patch adds support only for the selfsign case.
Replica support is also still missing at this stage.
---
 install/share/kdc.conf.template | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'install/share/kdc.conf.template')

diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 4a2cca412..f8e07c77b 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -12,4 +12,6 @@
   dict_file = /usr/share/dict/words
   default_principal_flags = +preauth
 ;  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+  pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
+  pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
  }
-- 
cgit