[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

heimdal pkinit compiling on debian


I've successfully compiled the current heimdal snapshot with the 
asn1-choice snapshot on a Debian testing with the following tools:

libtool (GNU libtool) 1.5.10
autoconf (GNU Autoconf) 2.59
automake (GNU automake) 1.7.9
libdb4.1 (Berkeley Sleepycat DB 4.1)

Here is the complete process:

autoreconf -f
./configure --prefix=/usr --enable-shared --with-krb4 --with-roken=/usr 
--without-des --with-openssl 
--with-readline-include=/usr/include/editline --mandir=/usr/share/man 
--infodir=/usr/share/info --libexecdir=/usr/sbin

make install

Now everything works smoothly.

Next chapter:

I plan to include support for OpenSC smartcard library to use smartcards 
for PKINIT. It does not seem to be too hard if I understand the code 
well: basically I should modify the _krb5_pk_load_openssl_id function, 
which loads the private key and the certificate and the 
_krb5_pk_create_sign function which creates the signature needed for 

My questions:
- AFAIK there were some smartcard functionalities in the former pkinit 
patch. Is that approach usable here (so can I use that code as a basic 
approach), or it is depicated and the work should be started from the 
- As there will be no "loading of private key" as there is practically 
no way to get the private key out of the card, is there a common way to 
notify the _krb5_pk_create_sign function that the signature creation 
should be done in a different way? Or should I invent a new method?
- Is it OK if I use a new #define statement in the config.h like
#define UseOpenSC 1
,as PKINIT works this way?