1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

WHATSNEW: Add text on PKINIT Certificate Revocation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2023-07-19 15:50:43 +12:00
parent 980c1565ed
commit 0ee8c263f6

View File

@ -108,7 +108,24 @@ The use of well known cryptography libraries makes Samba easier for
end-users to validate and deploy, and for distributors to ship. This
is the end of a very long journey for Samba.
Revocation support in Heimdal KDC for PKINIT certificates
---------------------------------------------------------
Samba will now correctly honour the revocation of 'smart card'
certificates used for PKINIT Kerberos authentication.
This list is reloaded each time the file changes, so no further action
other than replacing the file is required. The additional krb5.conf
option is:
[kdc]
pkinit_revoke = FILE:/path/to/crl.pem
Information on the "Smart Card login" feature as a whole is at:
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
================
REMOVED FEATURES
================