I'm reasonably sure that this would belong in a pkinit plugin not in do_as_req.c.
Also, the flag should be documented to indicate what it means--client attempted pkinit? Client succeeded in using pkinit?
I also wonder whether you want a mechanism for a db plugin to figure out all the padata or fast factors that a request is using.
Note that this flag will need to be added back by at least one vendor.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21694
dc483132-0cff-0310-8789-
dd5450dbe970
goto errout;
}
- if (find_pa_data(reply.padata, KRB5_PADATA_PK_AS_REP))
- c_flags |= KRB5_KDB_FLAG_PKINIT;
-
errcode = handle_authdata(kdc_context,
c_flags,
&client,