Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT
Love Hörnquist Åstrand wrote:
>> I slightly changed .soft-token.rc (I just split my pem certificate in
>> two):
>>
>> mike Certificate of user mike /home/mike/secure/mike.crt
>> /home/mike/secure/mike.key
>> anchor CAcert /etc/ssl/ca.crt
>>
>> But with no avail:
>> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
>> kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert certs:
>> Failed to get mech info for slot 0
>
> In the source tree of trunk there is an example of how to use soft-pkcs11,
> which is now included in hx509.
>
> http://www.h5l.org/fisheye/browse/heimdal/trunk/heimdal/tests/kdc/check-pkinit.in?r=22474
>
>
> The test sets up certificates, tests it in different combinations
> that include pkcs11.
>
> Note that the syntax is different; heimdal-1.2rc1 has this code included.
>
> Love
>
>
>
Thanks, it helps a lot!
In heimdal-1.1:
1. Set SOFTPKCS11RC environment variable
2. Create tab-separated rc-file:
certificate cert Mike FILE:/home/mike/secure/mike.pem
3. kinit -C PKCS11:libhx509.so mike
That's all!
M.Kondrin
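
The heimdal-1.1 steps above depend on the rc-file being tab-separated and on the last field being a typed store such as FILE:, which the earlier space-separated file with bare paths was not. As an added example (not part of the original post or of Heimdal), these sh functions write such a line and check a file for both problems; the function names and the names "id" and "label" for fields 2 and 3 are assumptions of this example.

```shell
#!/bin/sh
# Added example: write and validate a soft-pkcs11 rc-file shaped like the one
# in the post (four tab-separated fields, last field a typed store, e.g. FILE:).

# write_softtoken_rc RCFILE ID LABEL STORE
# Emits one "certificate" line with real tab characters; file is created 0600.
write_softtoken_rc() {
    ( umask 077; printf 'certificate\t%s\t%s\t%s\n' "$2" "$3" "$4" > "$1" )
}

# check_softtoken_rc RCFILE
# Prints one diagnostic per problem line; returns 0 only if the file is clean.
check_softtoken_rc() {
    rc=$1
    [ -r "$rc" ] || { echo "cannot read $rc" >&2; return 2; }
    awk -F '\t' '
        /^[ \t]*(#|$)/ { next }      # skip comment and blank lines
        NF != 4 {                    # spaces instead of tabs end up here
            printf "line %d: %d tab-separated field(s), expected 4\n", NR, NF
            bad = 1; next
        }
        $4 !~ /^[A-Za-z0-9-]+:/ {    # bare path, no store type prefix
            printf "line %d: store \"%s\" has no TYPE: prefix such as FILE:\n", NR, $4
            bad = 1
        }
        END { exit bad }
    ' "$rc"
}

# Usage, following the three steps in the post (paths are the post's own):
#   write_softtoken_rc "$HOME/.soft-token.rc" cert Mike FILE:/home/mike/secure/mike.pem
#   check_softtoken_rc "$HOME/.soft-token.rc" && export SOFTPKCS11RC="$HOME/.soft-token.rc"
#   kinit -C PKCS11:libhx509.so mike
```
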