diff options
| author | Simo Sorce <simo@redhat.com> | 2016-07-26 11:19:01 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2016-12-08 19:54:30 -0500 |
| commit | e17438cca414b1bc7a5c21da502550a520f25a67 (patch) | |
| tree | e387e32f96a2893a1729a738cf7350b4b5a7611b /install/share/kdc.conf.template | |
| parent | fad87a9962ee33cfebc4fa59aba589e98b076cea (diff) | |
| download | freeipa-kdc-pkinit.tar.gz freeipa-kdc-pkinit.tar.xz freeipa-kdc-pkinit.zip | |
Configure Anonymous PKINIT on server installkdc-pkinit
Allow anonymous pkinit to be used so that unenrolled hosts can perform FAST
authentication (necessary for 2FA for example) using an anonymous krbtgt
obtained via Pkinit.
https://fedorahosted.org/freeipa/ticket/5678
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'install/share/kdc.conf.template')
| -rw-r--r-- | install/share/kdc.conf.template | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template index 296b75b4c..ec53a1ff5 100644 --- a/install/share/kdc.conf.template +++ b/install/share/kdc.conf.template @@ -12,6 +12,6 @@ dict_file = $DICT_WORDS default_principal_flags = +preauth ; admin_keytab = $KRB5KDC_KADM5_KEYTAB - pkinit_identity = FILE:$KDC_PEM + pkinit_identity = FILE:$KDC_CERT,$KDC_KEY pkinit_anchors = FILE:$CACERT_PEM } |