[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PK-INIT update
Outstanding!
I will probably be experimenting with this in a few weeks (if I don't
have to spend too much time with SecurID anyway). Is this a "use the
source Luke" kind of thing, or is there some documentation of how
it's supposed to work somewhere?
I'm going to wind up in the same situation as Doug E. it appears,
except I'll probably want MacOS support in Tiger, and maybe Panther,
not just Leopard. I don't suppose anyone else is doing an
Authorization Services plug-in?
On Apr 7, 2006, at 4:19 AM, Love Hörnquist Åstrand wrote:
>
> Hello,
>
> At last kerberos interop meeting in Boston we tested, among other
> things,
> Heimdal PK-INIT with other implementations and got them to work for
> every
> kind of certificate we tried. Both using heimdal as a KDC and as a
> client.
>
> In this test I used newly commited code for the X509/CMS part of PK-
> INIT
> called hx509 and is included in Heimdal.
>
> The syntax in the configuration file have changed slightly, other than
> that, it works the same way as the code based on OpenSSL's libcrypto.
>
> The new addition is native support reading certificate stores in
> the format
> ofPKCS11, PKCS12 (.pfx/.p11), and directories.
>
> If you try tonights snapshot, it should work for you.
>
> I've updated the webpage and will try to write documentation on how to
> create certificates to use as a client and KDC.
>
> Love
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu