diff options
author | Greg Hudson <ghudson@mit.edu> | 2014-06-06 23:24:00 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2014-06-13 00:31:27 -0400 |
commit | 823bad7f3f314647feb14284bc36fa231c9c7875 (patch) | |
tree | 0fd73dec5eed3de3e60af83fb1939d0a046fc5ef /doc | |
parent | cd06659844f9671d6ca9955fa6d3ee6e0806c7f1 (diff) | |
download | krb5-823bad7f3f314647feb14284bc36fa231c9c7875.tar.gz krb5-823bad7f3f314647feb14284bc36fa231c9c7875.tar.xz krb5-823bad7f3f314647feb14284bc36fa231c9c7875.zip |
Remove pkinit_win2k_require_binding option
When constructing a draft9 PKINIT request, always include
KRB5_PADATA_AS_CHECKSUM padata to ask for an RFC 4556 ReplyKeyPack.
Do not accept a draft9 ReplyKeyPack in the KDC response.
For now, retain the krb5_reply_key_pack_draft9 ASN.1 codec and the KDC
support for generating a draft9 ReplyKeyPack when a draft9 PKINIT
request does not contain KRB5_PADATA_AS_CHECKSUM.
ticket: 7933
Diffstat (limited to 'doc')
-rw-r--r-- | doc/admin/conf_files/krb5_conf.rst | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index c6ded33d1..008ca4ce8 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -1083,11 +1083,6 @@ PKINIT krb5.conf options of the KDC certificate presented. This option may be specified multiple times. -**pkinit_win2k_require_binding** - If this flag is set to true, it expects that the target KDC is - patched to return a reply with a checksum rather than a nonce. - The default is false. - .. _parameter_expansion: |