WHATSNEW: Add text on PKINIT Certificate Revocation

author Andrew Bartlett <abartlet@samba.org>

Wed, 19 Jul 2023 03:50:43 +0000 (15:50 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 21 Jul 2023 01:25:36 +0000 (01:25 +0000)
author Andrew Bartlett <abartlet@samba.org>
Wed, 19 Jul 2023 03:50:43 +0000 (15:50 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 21 Jul 2023 01:25:36 +0000 (01:25 +0000)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 7cdb9f32f08067419d8d805003477431bd36ce12..e38eeccfa2240cc41814d78447d004db61559464 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -108,7 +108,24 @@ The use of well known cryptography libraries makes Samba easier for
  end-users to validate and deploy, and for distributors to ship.  This
  is the end of a very long journey for Samba.
  
+Revocation support in Heimdal KDC for PKINIT certificates
+---------------------------------------------------------
+
+Samba will now correctly honour the revocation of 'smart card'
+certificates used for PKINIT Kerberos authentication.
+
+This list is reloaded each time the file changes, so no further action
+other than replacing the file is required.  The additional krb5.conf
+option is:
+
+ [kdc]
+       pkinit_revoke = FILE:/path/to/crl.pem
  
+Information on the "Smart Card login" feature as a whole is at:
+ https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
+
+
+================
  REMOVED FEATURES
  ================
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 19 Jul 2023 03:50:43 +0000 (15:50 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 21 Jul 2023 01:25:36 +0000 (01:25 +0000)