Clarify X509_user_identity documentation

author Greg Hudson <ghudson@mit.edu>

Fri, 18 Apr 2025 16:23:10 +0000 (12:23 -0400)

committer Greg Hudson <ghudson@mit.edu>

Fri, 25 Apr 2025 20:59:30 +0000 (16:59 -0400)
author Greg Hudson <ghudson@mit.edu>
Fri, 18 Apr 2025 16:23:10 +0000 (12:23 -0400)
committer Greg Hudson <ghudson@mit.edu>
Fri, 25 Apr 2025 20:59:30 +0000 (16:59 -0400)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst

index e80e02ebabc2762a6bbbd5fe3f94f3f37d4d6534..e0c7a633094e4f2d35d6ab9d2f501fc0c9cbad3f 100644 (file)
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1052,8 +1052,10 @@ information for PKINIT is as follows:
      a particular smard card reader or token if there is more than one
      available.  ``certid=`` and/or ``certlabel=`` may be specified to
      force the selection of a particular certificate on the device.
-    See the **pkinit_cert_match** configuration option for more ways
-    to select a particular certificate to use for PKINIT.
+    Specifier values must not contain colon characters, as colons are
+    always treated as separators.  See the **pkinit_cert_match**
+    configuration option for more ways to select a particular
+    certificate to use for PKINIT.
  
  **ENV:**\ *envvar*
      *envvar* specifies the name of an environment variable which has
author	Greg Hudson <ghudson@mit.edu>
	Fri, 18 Apr 2025 16:23:10 +0000 (12:23 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 25 Apr 2025 20:59:30 +0000 (16:59 -0400)