From de2e5cf4a0fd085f16ca643f75e04a18a2b58d92 Mon Sep 17 00:00:00 2001 From: Kevin Coffman Date: Mon, 6 Aug 2007 13:57:26 +0000 Subject: Remove these files that were not intended to be moved onto the trunk ticket: 5617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19753 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/preauth/pkinit/README.developers | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 src/plugins/preauth/pkinit/README.developers (limited to 'src/plugins/preauth/pkinit/README.developers') diff --git a/src/plugins/preauth/pkinit/README.developers b/src/plugins/preauth/pkinit/README.developers deleted file mode 100644 index e095327b9..000000000 --- a/src/plugins/preauth/pkinit/README.developers +++ /dev/null @@ -1,18 +0,0 @@ -Experimental features: -1. If you want trustedCertifiers to be sent by the client, then set -X509_CA_BUNDLE to a ca-bundle file. -2. If you want to make our KDC act like a draft9 KDC, then modify pkinit_src.c -file. there is an "#if 0" for "supported_server_pa_types". if you change "if 0" -to "if 1", then the kdc will become draft9-only KDC. -3. If you like more debugging output, add "-DDEBUG" to CFLAGS and recompile -the code. -4. If you are debugging ASN1 encoding, add "-DDEBUG_ASN1" to CFLAGS and -recompile the code. After running, you'll get DER encoded structures stored -in /tmp. For example, /tmp/client_as_req will contains DER encoding of the -pkinit part of the AS-REQ. -5. Prior to having config options that manage EKU/SAN/CRL checking, you can -modify pkinit_lib.c in function pkinit_lib_init(), set - plgctx->require_eku = 1 -- will require presence of EKU in certs - plgctx->require_san = 1 -- will require presence of SAN in KDC's cert - plgctx->require_crl_checking = 1 -- will require presence of CRLs to - verify every certificate -- cgit