Remove pkinit_win2k_require_binding option

When constructing a draft9 PKINIT request, always include KRB5_PADATA_AS_CHECKSUM padata to ask for an RFC 4556 ReplyKeyPack. Do not accept a draft9 ReplyKeyPack in the KDC response. For now, retain the krb5_reply_key_pack_draft9 ASN.1 codec and the KDC support for generating a draft9 ReplyKeyPack when a draft9 PKINIT request does not contain KRB5_PADATA_AS_CHECKSUM. ticket: 7933
author: Greg Hudson <ghudson@mit.edu> 2014-06-06 23:24:00 -0400
committer: Greg Hudson <ghudson@mit.edu> 2014-06-13 00:31:27 -0400
commit: 823bad7f3f314647feb14284bc36fa231c9c7875 (patch)
tree: 0fd73dec5eed3de3e60af83fb1939d0a046fc5ef /doc
parent: cd06659844f9671d6ca9955fa6d3ee6e0806c7f1 (diff)
download: krb5-823bad7f3f314647feb14284bc36fa231c9c7875.tar.gz
krb5-823bad7f3f314647feb14284bc36fa231c9c7875.tar.xz
krb5-823bad7f3f314647feb14284bc36fa231c9c7875.zip
1 files changed, 0 insertions, 5 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index c6ded33d1..008ca4ce8 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1083,11 +1083,6 @@ PKINIT krb5.conf options
     of the KDC certificate presented.  This option may be specified
     multiple times.
 
-**pkinit_win2k_require_binding**
-    If this flag is set to true, it expects that the target KDC is
-    patched to return a reply with a checksum rather than a nonce.
-    The default is false.
-
 
 .. _parameter_expansion:
author	Greg Hudson <ghudson@mit.edu>	2014-06-06 23:24:00 -0400
committer	Greg Hudson <ghudson@mit.edu>	2014-06-13 00:31:27 -0400
commit	823bad7f3f314647feb14284bc36fa231c9c7875 (patch)
tree	0fd73dec5eed3de3e60af83fb1939d0a046fc5ef /doc
parent	cd06659844f9671d6ca9955fa6d3ee6e0806c7f1 (diff)
download	krb5-823bad7f3f314647feb14284bc36fa231c9c7875.tar.gz krb5-823bad7f3f314647feb14284bc36fa231c9c7875.tar.xz krb5-823bad7f3f314647feb14284bc36fa231c9c7875.zip