[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PK-INIT update

To: heimdal-discuss@sics.se
Subject: PK-INIT update
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Fri, 07 Apr 2006 13:19:46 +0200
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/22.0.50 (darwin)


Hello,

At last kerberos interop meeting in Boston we tested, among other things,
Heimdal PK-INIT with other implementations and got them to work for every
kind of certificate we tried. Both using heimdal as a KDC and as a client.

In this test I used newly commited code for the X509/CMS part of PK-INIT
called hx509 and is included in Heimdal.

The syntax in the configuration file have changed slightly, other than
that, it works the same way as the code based on OpenSSL's libcrypto.

The new addition is native support reading certificate stores in the format
ofPKCS11, PKCS12 (.pfx/.p11), and directories.

If you try tonights snapshot, it should work for you.

I've updated the webpage and will try to write documentation on how to
create certificates to use as a client and KDC.

Love

PGP signature

Follow-Ups:
- Re: PK-INIT update
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: PK-INIT update
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Using Ktelnet
Next by Date: Some iprop 0.7.2 questions.
Prev by thread: Using Ktelnet
Next by thread: Re: PK-INIT update
Index(es):
- Date
- Thread