[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Matthew N. Andrews wrote:
> so after wrestling with a mass of linking problems I seem to finally
> have openssl, heimdal, opensc, and soft-pkcs11 all built with debugging
> and without optimization(YAY!). now however I'm still having some
> trouble getting it all to work.
> when I run "kinit -C
With the cert in /tmp/x509up_u31765 it looks like you are trying to
use a Globus proxy cert. The private key sould also be in the same file
so it is not clear why you need the engine or pkcs11 at all. Try changing
KEY=slot_0 to KEY=/tmp/x509up_u31765.
> I get the following error:
> kinit: krb5_get_init_creds: Can't decrypt key: error:2A008404:PKCS11
> library:PKCS11_rsa_decrypt:Not supported
> now this seems to be a case of openssl trying to use the engine that was
> loaded to decrypt something which soft-pkcs11 does not do. Is this
> supposed to fail in this way?
> Love, I notice that you have this error on your pkinit for heimdal page.
> Is it currently possible to use soft-pkcs11 with heimdal pkinit?
> Just fyi I'm using heimdal-20050927, opensc-0.9.6, openssl-0.9.8, and
> (I could have sworn I saw this work once, but then again I might just be
> completely halucinating after spending 3 out of the last four days on
> this stuff.)
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439