[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Heimdal 1.1
>> * Read-only PKCS11 provider built-in to hx509.
>> * Mac OS X 10.5 support for native credential cache.
> I don't suppose we can combine these to provide pkcs11 support for
> pam_pkcs11 on MacOS? Contrary to my expectations, there doesn't
> seem to be any pkcs11 support (in that direction) on Leopard.
The hx509 pkcs11 provider doesn't provide encryption (only signing),
and if I rememeber correctly pam_pkcs11 used to encrypt and then
decrypt it to verify the pin unlocked the key. If it uses signing/
verify it should work.
However it seems like go over the river to get water, having a PAM
module that talked to CSSM/keychain directly would make more sense....