[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PK-INIT update


I will probably be experimenting with this in a few weeks (if I don't  
have to spend too much time with SecurID anyway).  Is this a "use the  
source Luke" kind of thing, or is there some documentation of how  
it's supposed to work somewhere?

I'm going to wind up in the same situation as Doug E. it appears,  
except I'll probably want MacOS support in Tiger, and maybe Panther,  
not just Leopard.  I don't suppose anyone else is doing an  
Authorization Services plug-in?

On Apr 7, 2006, at 4:19 AM, Love Hörnquist Åstrand wrote:

> Hello,
> At last kerberos interop meeting in Boston we tested, among other  
> things,
> Heimdal PK-INIT with other implementations and got them to work for  
> every
> kind of certificate we tried. Both using heimdal as a KDC and as a  
> client.
> In this test I used newly commited code for the X509/CMS part of PK- 
> called hx509 and is included in Heimdal.
> The syntax in the configuration file have changed slightly, other than
> that, it works the same way as the code based on OpenSSL's libcrypto.
> The new addition is native support reading certificate stores in  
> the format
> ofPKCS11, PKCS12 (.pfx/.p11), and directories.
> If you try tonights snapshot, it should work for you.
> I've updated the webpage and will try to write documentation on how to
> create certificates to use as a client and KDC.
> Love

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu