[32312] in Kerberos


pkinit-nss.

daemon@ATHENA.MIT.EDU (Patrik Martinsson)
Fri May 7 05:36:48 2010

Message-ID: <4BE3DF0A.6000000@smhi.se>
Date: Fri, 07 May 2010 11:36:10 +0200
From: Patrik Martinsson <Patrik.Martinsson@smhi.se>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hello,

I'm curious about the pkinit-nss native support in Kerberos > 1.6.3.
Maybe I'm wrong here, but as I understand it I should not need the pkinit-nss
plugin (http://git.fedorahosted.org/git/?p=pkinit-nss.git), as this is supposed to
be inbuilt in Kerberos. However, I can't get the "inbuilt" pkinit-nss to work, and when I'm looking
quickly through the source, I can't really see anything about NSS (I'm not an
experienced programmer, so I could definitely miss something).

So the question is:
is pkinit-nss inbuilt in Kerberos nowadays, and if so, how do I configure it?

Today I've tried with the line (as a start, to see if the smartcardlib even gets called):
pkinit_identities = PKCS11:/path_to_my_smartcardlib

Just out of curiosity I've run kinit with strace and tried to look for calls to that lib,
but I can't see anything at all relating to that smartcardlib.

My working config, with the pkinit-nss plugin, is as follows:
allow_pkinit = yes
pkinit = {
     pkinit_cert_match = condition
     pkinit_kdc_hostnamepkinit_eku_checking
     is_hw = yes
}

Again, sorry if I'm missing something, any help appreciated.

Best Regards,
Patrik Martinsson, Sweden.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos