File pkinit-nss-0.7.2-1-documentation.dif of Package krb5-plugin-preauth-pkinit-nss
--- doc/README
+++ doc/README 2007/07/03 09:18:52
@@ -5,7 +5,7 @@
krbtgt/EXAMPLE.COM@EXAMPLE.COM
The certificate and its matching key are expected to be found in the
NSS database stored in the server's default location, which by
- default is /var/kerberos/krb5kdc.
+ default is /var/lib/kerberos/krb5kdc.
2. Requirements for the client's certificate.
The user's certificate should contain a subjectAltName extension
@@ -19,13 +19,13 @@
3. More KDC requirements.
The KDC must trust the user's certificate. That means that its NSS
- database, which by default is in /var/kerberos/krb5kdc, must include
+ database, which by default is in /var/lib/kerberos/krb5kdc, must include
a CA certificate in the client's signing chain, and it must be
configured to trust that certificate.
4. More client requirements.
The client system must trust the KDC's certificate. That means that
- its NSS database, which by default is in /etc/pki/nssdb, must include
+ its NSS database, which by default is in /etc/ssl/nssdb, must include
a CA certificate in the KDC's signing chain, and it must be
configured to trust that certificate.