[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal 1.1

>> * Read-only PKCS11 provider built-in to hx509.
>> * Mac OS X 10.5 support for native credential cache.
> I don't suppose we can combine these to provide pkcs11 support for  
> pam_pkcs11 on MacOS?  Contrary to my expectations, there doesn't  
> seem to be any pkcs11 support (in that direction) on Leopard.

The hx509 pkcs11 provider doesn't provide encryption (only signing),  
and if I rememeber correctly pam_pkcs11 used to encrypt and then  
decrypt it to verify the pin unlocked the key. If it uses signing/ 
verify it should work.

However it seems like go over the river to get water, having a PAM  
module that talked to CSSM/keychain directly would make more sense....