[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pkinit/opensc/soft-pkcs11
I am not trying just to use a proxy file. what I actually want is to in
face actually retrieve that cert/key from the myproxy server on the fly
when kinit asks for it using the krb5/ssl prompter to ask for the
myproxy password. IE before the kinit runs, there is no myproxy
credential anywhere on the machine.
the reason I was using the myproxy file before was to test that all the
pieces I wanted to use were working before I started modifying
them(helps diferentiate bugs I introduce from pre-existing
bugs/configuration errors, and also helped me get a feel for how the
whole stack fit together).
-Matt
Douglas E. Engert wrote:
> Since you are trying to use a Globus proxy file, all the code you
> need may already be present and you don't need the engine at all.
>
> Can you try:
>
> kinit -C FILE:tmp/x509up_u31765,tmp/x509up_u31765 ma3d
>
> This will use the load_openssl_file,(rather then the load_openssl_engine)
> and use the proxy file for the cert and key.
>
>
> Matthew N. Andrews wrote:
>
>> Hmmm...
>>
>> upon further consideration I think you're right(sorta). pkcs11 is not
>> really what I want here. it's more likely that what I want is actually
>> simply a engine_myproxy.sa that provides ENGINE_load_private_key, and
>> ENGINE_load_public_key, and ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL" ...
>>
>> whee!!!!
>>
>>
>> Matthew N. Andrews wrote: