Mailing Lists: Apple Mailing Lists
Mac OS X and Kerberos PKINIT questions

Hi,

I am doing some research on Mac OS X PKINIT support. I have searched the CDSA mailing list before posting and I am a little bit
confused. The first strange thing is that the version of Kerberos that ships with Leopard seems to have initial PKINIT support.
However, I am not sure if this support only concerns the KDC side, as I was not able to authenticate my OSX client with an existing Heimdal KDC with
preauthentication. So, is MIT not providing a PKINIT-compliant client, or is the OSX Kerb client not compiled with PKINIT support?

I read from different sources that Back to My Mac makes use of PKINIT to authenticate entities, but neither a "real" explanation nor source
code is available. Is it a good lead to follow?

What approach would you recommend to implement a Kerberos login with PKINIT? I was thinking of replacing the existing Kerberos AuthPlugin
with Heimdal code/libraries, but that would not make use of the native OSX API, which is a shame. In the end, the aim is to perform Kerberos
authentication using the certificate located on a smartcard, but that is another story.

Thomas C.
Apple-cdsa mailing list      (email@hidden)