[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT

Love Hörnquist Åstrand wrote:
>> I slightly changed .soft-token.rc (I just split my pem certificate in 
>> two):
>> mike    Certificate of user mike    /home/mike/secure/mike.crt    
>> /home/mike/secure/mike.key
>> anchor    CAcert    /etc/ssl/ca.crt
>> But with no avail:
>> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
>> kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert certs: 
>> Failed to get mech info for slot 0
> In the source tree of trunk there is example how to use soft-pkcs11 
> that now is ncluded in hx509.
> http://www.h5l.org/fisheye/browse/heimdal/trunk/heimdal/tests/kdc/check-pkinit.in?r=22474 
> The test sets up certificates, tests it with in diffrent combination 
> that includes pkcs11.
> Note that the syntax is diffrent, heimdal-1.2rc1 have this code included.
> Love
Thanks, it helps a lot!
In heimdal-1.1:
1. Set SOFTPKCS11RC environment variable
2. Create tab-separated rc-file:
certificate     cert   Mike      FILE:/home/mike/secure/mike.pem
3. kinit -C PKCS11:libhx509.so mike
That 's all!