[35972] in Kerberos
RE: [EXTERNAL] kinit using smartcard or tpm cert for pkinit
daemon@ATHENA.MIT.EDU (Nebergall, Christopher)
Tue Apr 1 18:14:16 2014
From: "Nebergall, Christopher" <cneberg@sandia.gov>
To: "Huang, Peter (HP-IT Palo Alto)" <peter.huang@hp.com>,
"kerberos@mit.edu"
<kerberos@mit.edu>
Date: Tue, 1 Apr 2014 22:13:46 +0000
Message-ID: <893BA076328F64459E145F3CA3682073A299181F@EXMB01.srn.sandia.gov>
In-Reply-To: <5DB7FD2B6375E1458DB65D657D56D0084AC19EB1@G9W0748.americas.hpqcorp.net>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
It supports pkcs11.
http://web.mit.edu/Kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html?highlight=pkcs11
-Christopher
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Huang, Peter (HP-IT Palo Alto)
Sent: Tuesday, April 01, 2014 7:52 AM
To: kerberos@mit.edu
Subject: [EXTERNAL] kinit using smartcard or tpm cert for pkinit
Have anyone done testing pkinit pre-auth using cert on smartcard (may be thru openssl pkcs11) or TPM? The current instructions only detail cert on the file system but not on smartcard or tpm. It would be nice that kinit will have a switch that access the private key on the secure devices complete the pre-auth sequence.
-peter huang
Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304
Tel (650)236-3590
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
