I am doing some research on Mac OS X PKINIT support. I have searched the CDSA mailing list before posting and I am a little bit confused. The first strange thing is that the version of Kerberos that ships with Leopard seems to have initial PKINIT support.
However, I am not sure if this support only concerns the KDC side, as I was not able to authenticate my OSX client with an existing Heimdal KDC with preauthentication. So, is MIT not providing a PKINIT-compliant client, or is the OSX Kerb client not compiled with PKINIT support?
I read from different sources that Back to My Mac makes use of PKINIT to authenticate entities, but neither a "real" explanation nor source code is available. Is it a good lead to follow?
What approach would you recommend to implement a Kerberos login with PKINIT? I was thinking of replacing the existing Kerberos AuthPlugin with Heimdal code/libraries, but that would not make use of the native OSX API, which is a shame. In the end, the aim is to perform Kerberos authentication using the certificate located on a smartcard, but that is another story.