[37185] in Kerberos
Re: certificate revocation checking in pkinit in KDC
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Jul 31 19:58:25 2015
Message-Id: <201507312358.t6VNw4XB023738@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Jim Shi <hanmao_shi@apple.com>
In-Reply-To: <1CEE850C-20E9-4BBB-90AD-1526C2201D43@apple.com>
Date: Fri, 31 Jul 2015 19:58:03 -0400
Cc: kerberos@mit.edu

>Is it possible to check if a certificate is revoked against a URL in MIT KDC?

Currently the answer is 'no' with the MIT implementation. We have code
here at NRL which does that (I'm assuming you mean checking using OCSP),
and it's pretty straightforward. It's on my medium-term to-do list to
contribute that code to MIT for inclusion in their pkinit plugin, but sadly
I've been busy with other things.

--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos