[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PK-INIT update


At last kerberos interop meeting in Boston we tested, among other things,
Heimdal PK-INIT with other implementations and got them to work for every
kind of certificate we tried. Both using heimdal as a KDC and as a client.

In this test I used newly commited code for the X509/CMS part of PK-INIT
called hx509 and is included in Heimdal.

The syntax in the configuration file have changed slightly, other than
that, it works the same way as the code based on OpenSSL's libcrypto.

The new addition is native support reading certificate stores in the format
ofPKCS11, PKCS12 (.pfx/.p11), and directories.

If you try tonights snapshot, it should work for you.

I've updated the webpage and will try to write documentation on how to
create certificates to use as a client and KDC.


PGP signature