[32383] in Kerberos


Re: pkinit and smart cards

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Mon May 24 10:19:17 2010

Message-ID: <4BFA8ADF.6080801@anl.gov>
Date: Mon, 24 May 2010 09:19:11 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
To: ben <ben@appliedplastic.com>
In-Reply-To: <4BF71333.3050306@appliedplastic.com>
Cc: kerberos@mit.edu



ben wrote:
> Hello,
>     I am wanting to play around with smart card authentication and PGP
> key storage, and hoping for some advice. All the examples that I have
> seen for smart card login for Linux appear to use a Java card, or are
> vague. The only example for PGP I have seen uses the basic card, and I
> have not found any examples for use with pkinit. My current sandbox
> configuration is built around MIT's Kerberos distribution (Debian
> stable), but as I am still experimenting at this stage, if another
> platform has better support, I'm willing to look at options.
> 
> Thanks for your time and suggestions,

PKINIT is designed to use PKI, with certificates issued by a CA
trusted by the Kerberos KDC. So in effect you log in to the KDC,
which the local machine trusts.

You may also want to look at Muscle: http://www.musclecard.com/
that has an applet for smartcards, and OpenSC:
http://www.opensc-project.org/opensc
http://www.opensc-project.org/cgi-bin/mailman/listinfo
that has support for many cards and has a pam_pkcs11 that
might work with PGP authentication to a local machine.

Ask on the OpenSC mail list.


> ben
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
