[39487] in Kerberos


Support for PKINIT on Windows now available in MIT Kerberos

daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Thu Feb 27 18:00:52 2025

Message-Id: <202502272259.51RMxS3n027396@hedwig.cmf.nrl.navy.mil>
To: kerberos@mit.edu
MIME-Version: 1.0
Date: Thu, 27 Feb 2025 17:59:28 -0500
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

(Since a few people have asked about this over the years, I felt it was
worth an announcement).

I am pleased to report that MIT Kerberos now supports PKINIT on the
Windows platform.  The technical details of this can be found in the
pull request here:

	https://github.com/krb5/krb5/pull/1401

This means that with a PKCS#11 library and the appropriate client
configuration one can use a smartcard to authenticate with MIT Kerberos.
I have tested this support with a PIV card and both the OpenSC and
ActivClient PKCS#11 libraries.

Right now this support is only on the 'master' branch of MIT Kerberos
and you will have to build MIT Kerberos from source to utilize it;
the build directions are in the source tree under src/windows/README.

Thanks to Greg Hudson working with me to push this across the finish line.

--Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
