[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal 1.1

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: Heimdal 1.1
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Thu, 24 Jan 2008 13:24:55 -0800
Cc: heimdal-discuss@sics.se
In-Reply-To: <B13AB78E-7BC0-4E51-B888-626864FE6309@jpl.nasa.gov>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <001D4C4F-3C4F-4149-BF35-57112EB75E2C@kth.se> <B13AB78E-7BC0-4E51-B888-626864FE6309@jpl.nasa.gov>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>

>> * Read-only PKCS11 provider built-in to hx509.
>
>> * Mac OS X 10.5 support for native credential cache.
>
> I don't suppose we can combine these to provide pkcs11 support for  
> pam_pkcs11 on MacOS?  Contrary to my expectations, there doesn't  
> seem to be any pkcs11 support (in that direction) on Leopard.

The hx509 pkcs11 provider doesn't provide encryption (only signing),  
and if I rememeber correctly pam_pkcs11 used to encrypt and then  
decrypt it to verify the pin unlocked the key. If it uses signing/ 
verify it should work.

However it seems like go over the river to get water, having a PAM  
module that talked to CSSM/keychain directly would make more sense....

Love

Follow-Ups:
- Re: Heimdal 1.1
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

References:
- Heimdal 1.1
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Heimdal 1.1
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Heimdal 1.1 telnetd broken under Solaris 10
Next by Date: Re: Forwarding bug for addressfull tickets in 1.0.x and 1.1rcX (and probable cause)
Prev by thread: Re: Heimdal 1.1
Next by thread: Re: Heimdal 1.1
Index(es):
- Date
- Thread