[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Smartcard logon using Heimdal KDC

To: Prágai Róbert <pragai@rubin.hu>
Subject: Re: Smartcard logon using Heimdal KDC
From: Love <lha@stacken.kth.se>
Date: Tue, 27 Jan 2004 09:49:22 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <40161DE9.6000909@rubin.hu> (Prágai Róbert's message of "Tue, 27 Jan 2004 09:14:33 +0100")
References: <40150AF7.8020803@rubin.hu><p05210605bc3b3b42e074@[137.78.212.225]> <40161DE9.6000909@rubin.hu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)

Prágai Róbert <pragai@rubin.hu> writes:

> Hi,
>
>     no we are on the Kerberos PKINIT way
> (draft-ietf-cat-kerberos-pk-init-16.txt). The basic plan is to support
> several smartcards (and tokens) with a mediate security layer that
> gives a standard interface to the PKINIT for any device in a pluggable
> way. But it seems that the Windows workstation assumes that if the
> logon is not a domain logon, then it cannot be a PKINIT logon
> neither. I'm not sure about this.

You are aware the microsoft implements -11 (or was it -12) of the draft ?
Daniel Kouril patch takes this into account.

The client doens't look at the preauth reply from the kdc to descide if it
wants to use PKINIT ?

Love

PGP signature

Follow-Ups:
- Re: Smartcard logon using Heimdal KDC
  - From: Prágai Róbert <pragai@rubin.hu>

References:
- Smartcard logon using Heimdal KDC
  - From: Prágai Róbert <pragai@rubin.hu>
- Re: Smartcard logon using Heimdal KDC
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: Smartcard logon using Heimdal KDC
  - From: Prágai Róbert <pragai@rubin.hu>

Prev by Date: Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Next by Date: Re: Smartcard logon using Heimdal KDC
Prev by thread: Re: Smartcard logon using Heimdal KDC
Next by thread: Re: Smartcard logon using Heimdal KDC
Index(es):
- Date
- Thread