From 7ebf958b1051f6a4034b68f25c20226b6d6e22fa Mon Sep 17 00:00:00 2001
From: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: Tue, 29 Sep 2015 15:32:39 -0500
Subject: [PATCH] Write out remaining appdefaults entries on client

---
 src/libtdeldap.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 7543268..e9961ed 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4904,10 +4904,13 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
 			ldap_certfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
 			ldap_crlfile.replace("@@@ADMINSERVER@@@", realmcfg.admin_server);
 
-			stream << "	pkinit_anchors = FILE:" << ldap_certfile << "\n";
-			stream << "	pkinit_revoke = FILE:" << ldap_crlfile << "\n";
+			stream << "    pkinit_anchors = FILE:" << ldap_certfile << "\n";
+			stream << "    pkinit_revoke = FILE:" << ldap_crlfile << "\n";
 		}
-		stream << "	pkinit_require_crl_checking = true\n";
+		stream << "    pkinit_require_crl_checking = true\n";
+		stream << "    pam = {\n";
+		stream << "        pkinit_user = PKCS11:" << TDECryptographicCardDevice::pkcsProviderLibrary() << "\n";
+		stream << "    }\n";
 		stream << "\n";
 
 		// Defaults