
Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT



Love Hörnquist Åstrand wrote:
>> I slightly changed .soft-token.rc (I just split my pem certificate in 
>> two):
>>
>> mike    Certificate of user mike    /home/mike/secure/mike.crt    /home/mike/secure/mike.key
>> anchor    CAcert    /etc/ssl/ca.crt
>>
>> But to no avail:
>> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
>> kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert certs: 
>> Failed to get mech info for slot 0
>
> In the source tree of trunk there is an example of how to use soft-pkcs11, 
> which is now included in hx509.
>
> http://www.h5l.org/fisheye/browse/heimdal/trunk/heimdal/tests/kdc/check-pkinit.in?r=22474 
>
>
> The test sets up certificates and tests them in different combinations, 
> including pkcs11.
>
> Note that the syntax is different; heimdal-1.2rc1 has this code included.
>
> Love
>
>
>
Thanks, it helps a lot!
In heimdal-1.1:
1. Set SOFTPKCS11RC environment variable
2. Create tab-separated rc-file:
certificate     cert   Mike      FILE:/home/mike/secure/mike.pem
3. kinit -C PKCS11:libhx509.so mike
That's all!

M.Kondrin
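
The heimdal-1.1 steps above as a checked setup, added here as an example that is not part of the original message: write_rc and check_rc are hypothetical helper names, and the roles of the four fields are assumed from the single rc-file line in the post. It writes the line with real tabs (mail archives tend to turn them into spaces) and rejects a PEM file that group or other can read, since that file holds the private key.

```shell
#!/bin/sh
# Added example, not from the original post. Field roles are assumptions
# read off the post's line: type, name, label, store.
TAB=$(printf '\t')

# write_rc RCFILE NAME LABEL PEMPATH
# Emit one "certificate" line with real tab separators.
write_rc() {
    printf 'certificate\t%s\t%s\tFILE:%s\n' "$2" "$3" "$4" > "$1"
}

# check_rc RCFILE
# Return 0 only if every non-empty line has four tab-separated fields,
# starts with "certificate", and any FILE: store exists and is not
# readable by group or other (the PEM file holds the private key).
check_rc() {
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        nf=$(printf '%s\n' "$line" | awk -F'\t' '{ print NF }')
        if [ "$nf" -ne 4 ]; then
            echo "expected 4 tab-separated fields, got $nf: $line" >&2
            status=1
            continue
        fi
        if [ "${line%%"$TAB"*}" != certificate ]; then
            echo "unknown line type: $line" >&2
            status=1
            continue
        fi
        store=${line##*"$TAB"}
        case $store in
        FILE:*)
            pem=${store#FILE:}
            if [ ! -f "$pem" ]; then
                echo "missing store file: $pem" >&2
                status=1
            elif [ -n "$(find "$pem" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
                echo "private key readable by group/other: $pem" >&2
                status=1
            fi ;;
        esac
    done < "$1"
    return "$status"
}
```

Once check_rc succeeds, export SOFTPKCS11RC pointing at the rc-file and run the kinit command from step 3.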