[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More on pkinit and proxy certificates

To: Daniel Kouril <kouril@ics.muni.cz>
Subject: Re: More on pkinit and proxy certificates
From: Athanasios Moralis <amoral@netmode.ntua.gr>
Date: Wed, 31 Jan 2007 19:11:32 +0200
Cc: Heimdal-discuss list <heimdal-discuss@sics.se>
In-Reply-To: <20070131164112.GA12799@acamara>
References: <45BFDCD9.3050204@netmode.ntua.gr> <20070131164112.GA12799@acamara>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Thunderbird 2.0b2 (Macintosh/20070116)

Daniel Kouril wrote:

20070131164112.GA12799@acamara" type="cite">

On Wed, Jan 31, 2007 at 02:03:37AM +0200, Athanasios Moralis wrote:

Hi all,
I have a problem when using pkinit with a proxy certificate. Using the 
normal certificate works fine.

I am using the globus grid-proxy-init to produce the proxy certificate:
   root@black:~# grid-proxy-init -out /root/proxycert.pem


I haven't checked with the Heimdal code but my understanding is that
Heimdal supports "only" the RFC3820-compliant proxy format, which
differs from what is produces by standard grid-proxy-init. You may want
to look at the -rfc option of newer grid-proxy-init.

You are right. Producing the proxy certificate with grid-proxy-init -rfc works with the heimdal pkinit. I was able to acquire a tgt with the produced proxy.

20070131164112.GA12799@acamara" type="cite">
cheers,

Daniel
  

Best regards
Sakis

References:
- More on pkinit and proxy certificates
  - From: Athanasios Moralis <amoral@netmode.ntua.gr>
- Re: More on pkinit and proxy certificates
  - From: Daniel Kouril <kouril@ics.muni.cz>

Prev by Date: Re: PKinit
Next by Date: Re: More on pkinit and proxy certificates
Prev by thread: Re: More on pkinit and proxy certificates
Next by thread: Re: More on pkinit and proxy certificates
Index(es):
- Date
- Thread