[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More on pkinit and proxy certificates

Daniel Kouril wrote:
20070131164112.GA12799@acamara" type="cite">
On Wed, Jan 31, 2007 at 02:03:37AM +0200, Athanasios Moralis wrote:
Hi all,
I have a problem when using pkinit with a proxy certificate. Using the 
normal certificate works fine.

I am using the globus grid-proxy-init to produce the proxy certificate:
   root@black:~# grid-proxy-init -out /root/proxycert.pem

I haven't checked with the Heimdal code but my understanding is that
Heimdal supports "only" the RFC3820-compliant proxy format, which
differs from what is produces by standard grid-proxy-init. You may want
to look at the -rfc option of newer grid-proxy-init.

You are right. Producing the proxy certificate with grid-proxy-init -rfc works with the heimdal pkinit. I was able to acquire a tgt with the produced proxy.

20070131164112.GA12799@acamara" type="cite">

Best regards