Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT

[Love Hörnquist Åstrand <lha@kth.se>]

> I slightly changed .soft-token.rc (I just split my pem certificate  
> in two):
>
> mike    Certificate of user mike    /home/mike/secure/mike.crt    / 
> home/mike/secure/mike.key
> anchor    CAcert    /etc/ssl/ca.crt
>
> But with no avail:
> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
> kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert  
> certs: Failed to get mech info for slot 0

In the source tree of trunk there is example how to use soft-pkcs11  
that now is ncluded in hx509.

http://www.h5l.org/fisheye/browse/heimdal/trunk/heimdal/tests/kdc/check-pkinit.in?r=22474

The test sets up certificates, tests it with in diffrent combination  
that includes pkcs11.

Note that the syntax is diffrent, heimdal-1.2rc1 have this code  
included.

Love