RE: [Fed-Talk] SmartCard Login
RE: [Fed-Talk] SmartCard Login
- Subject: RE: [Fed-Talk] SmartCard Login
- From: "Nebergall, Christopher" <email@hidden>
- Date: Tue, 14 Feb 2006 12:56:32 -0700
- Thread-topic: [Fed-Talk] SmartCard Login
Could you point to what code you are referring to?
-Christopher
-----Original Message-----
From: Paul Nelson [mailto:email@hidden]
Sent: Tuesday, February 14, 2006 12:50 PM
To: Nebergall, Christopher; Timothy J. Miller; Brian Raymond
Cc: Apple Fed Talk
Subject: Re: [Fed-Talk] SmartCard Login
In looking at source code for Apple's version of MIT Kerberos, it
appears that they have added some code to try to implement PKINIT. Does
anyone know anything about this? I don't know if or how it works.
Paul Nelson
Thursby Software Systems, Inc.
> From: "Nebergall, Christopher" <email@hidden>
> Date: Tue, 14 Feb 2006 11:39:43 -0700
> To: "Nebergall, Christopher" <email@hidden>, "Timothy J. Miller"
> <email@hidden>, Brian Raymond <email@hidden>
> Cc: <email@hidden>
> Conversation: [Fed-Talk] SmartCard Login
> Subject: RE: [Fed-Talk] SmartCard Login
>
> Forgive me if this message is a repeat. I'm uncertain if the message
> went out the first time.
>
> You could write a program linked against Mac's MIT Kerberos which read
> in credentials from a file based cache (created from Heimdal) and
> write them back out into the memory based cache used by all of the Mac
> apps and run this app after login. Then all apps should work.
>
> -Christopher
> -----Original Message-----
> From: fed-talk-bounces+cneberg=email@hidden
> [mailto:fed-talk-bounces+cneberg=email@hidden] On Behalf
> Of Timothy J. Miller
> Sent: Tuesday, February 07, 2006 11:53 AM
> To: Brian Raymond
> Cc: email@hidden
> Subject: Re: [Fed-Talk] SmartCard Login
>
> Brian Raymond wrote:
>> We had a similar discussion a couple of months ago on the list and at
>> that time I provided some possibilities given PAM, Windows
>> 2000(2003),
>
>> Heimdal's implementations of PKINIT. You might be able to wire it up
>> on your own,
>
> Unlikely, since OS X is built on MIT Kerberos. Yes, you might
> possibly get PKINIT working, but the rest of your OS X apps wouldn't
> be able to leverage the tickets without at least relinking to (and
> more likely porting to) Heimdal.
>
> -- Tim
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden