[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit/opensc/soft-pkcs11

I am not trying just to use a proxy file. what I actually want is to in 
face actually retrieve that cert/key from the myproxy server on the fly 
when kinit asks for it using the krb5/ssl prompter to ask for the 
myproxy password. IE before the kinit runs, there is no myproxy 
credential anywhere on the machine.

the reason I was using the myproxy file before was to test that all the 
pieces I wanted to use were working before I started modifying 
them(helps diferentiate bugs I introduce from pre-existing 
bugs/configuration errors, and also helped me get a feel for how the 
whole stack fit together).


Douglas E. Engert wrote:
> Since you are trying to use a Globus proxy file, all the code you
> need may already be present and you don't need the engine at all.
> Can you try:
> kinit -C FILE:tmp/x509up_u31765,tmp/x509up_u31765 ma3d
> This will use the load_openssl_file,(rather then the load_openssl_engine)
> and use the proxy file for the cert and key.
> Matthew N. Andrews wrote:
>> Hmmm...
>> upon further consideration I think you're right(sorta). pkcs11 is not 
>> really what I want here. it's more likely that what I want is actually 
>> simply a engine_myproxy.sa that provides ENGINE_load_private_key, and 
>> ENGINE_load_public_key, and ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL" ...
>> whee!!!!
>> Matthew N. Andrews wrote: