summaryrefslogtreecommitdiffstats
path: root/src/plugins/preauth/pkinit/README.developers
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/preauth/pkinit/README.developers')
-rw-r--r--src/plugins/preauth/pkinit/README.developers18
1 files changed, 0 insertions, 18 deletions
diff --git a/src/plugins/preauth/pkinit/README.developers b/src/plugins/preauth/pkinit/README.developers
deleted file mode 100644
index e095327b9..000000000
--- a/src/plugins/preauth/pkinit/README.developers
+++ /dev/null
@@ -1,18 +0,0 @@
-Experimental features:
-1. If you want trustedCertifiers to be sent by the client, then set
-X509_CA_BUNDLE to a ca-bundle file.
-2. If you want to make our KDC act like a draft9 KDC, then modify pkinit_src.c
-file. there is an "#if 0" for "supported_server_pa_types". if you change "if 0"
-to "if 1", then the kdc will become draft9-only KDC.
-3. If you like more debugging output, add "-DDEBUG" to CFLAGS and recompile
-the code.
-4. If you are debugging ASN1 encoding, add "-DDEBUG_ASN1" to CFLAGS and
-recompile the code. After running, you'll get DER encoded structures stored
-in /tmp. For example, /tmp/client_as_req will contains DER encoding of the
-pkinit part of the AS-REQ.
-5. Prior to having config options that manage EKU/SAN/CRL checking, you can
-modify pkinit_lib.c in function pkinit_lib_init(), set
- plgctx->require_eku = 1 -- will require presence of EKU in certs
- plgctx->require_san = 1 -- will require presence of SAN in KDC's cert
- plgctx->require_crl_checking = 1 -- will require presence of CRLs to
- verify every certificate
generated by cgit (git 2.34.1) at 2026-01-06 00:48:40 +0000