RE: [Fed-Talk] SmartCard Login
RE: [Fed-Talk] SmartCard Login
- Subject: RE: [Fed-Talk] SmartCard Login
- From: "Nebergall, Christopher" <email@hidden>
- Date: Tue, 14 Feb 2006 13:10:10 -0700
- Thread-topic: [Fed-Talk] SmartCard Login
I'll forward your question to the MIT Kerberos mailing list and post
back to the list if I find out anything.
-Christopher
-----Original Message-----
From: Paul Nelson [mailto:email@hidden]
Sent: Tuesday, February 14, 2006 1:01 PM
To: Nebergall, Christopher; Timothy J. Miller; Brian Raymond
Cc: Apple Fed Talk
Subject: Re: [Fed-Talk] SmartCard Login
Pull down the Kerberos-65.5 archive
http://www.opensource.apple.com/darwinsource/tarballs/other/Kerberos-65.
5.ta
r.gz
Now look for these files:
./include/pkinit_apple_utils.h
./kdc/pkinit_apple_server.c
./lib/krb5/krb/pkinit_apple_asn1.c
./lib/krb5/krb/pkinit_apple_cert_store.c
./lib/krb5/krb/pkinit_apple_client.c
./lib/krb5/krb/pkinit_apple_cms.c
./lib/krb5/krb/pkinit_apple_utils.c
> From: "Nebergall, Christopher" <email@hidden>
> Date: Tue, 14 Feb 2006 12:56:32 -0700
> To: Paul Nelson <email@hidden>, "Timothy J. Miller"
> <email@hidden>, Brian Raymond <email@hidden>
> Cc: Apple Fed Talk <email@hidden>
> Conversation: [Fed-Talk] SmartCard Login
> Subject: RE: [Fed-Talk] SmartCard Login
>
> Could you point to what code you are referring to?
>
> -Christopher
> -----Original Message-----
> From: Paul Nelson [mailto:email@hidden]
> Sent: Tuesday, February 14, 2006 12:50 PM
> To: Nebergall, Christopher; Timothy J. Miller; Brian Raymond
> Cc: Apple Fed Talk
> Subject: Re: [Fed-Talk] SmartCard Login
>
> In looking at source code for Apple's version of MIT Kerberos, it
> appears that they have added some code to try to implement PKINIT.
> Does anyone know anything about this? I don't know if or how it
works.
>
> Paul Nelson
> Thursby Software Systems, Inc.
>
>
>> From: "Nebergall, Christopher" <email@hidden>
>> Date: Tue, 14 Feb 2006 11:39:43 -0700
>> To: "Nebergall, Christopher" <email@hidden>, "Timothy J.
Miller"
>> <email@hidden>, Brian Raymond <email@hidden>
>> Cc: <email@hidden>
>> Conversation: [Fed-Talk] SmartCard Login
>> Subject: RE: [Fed-Talk] SmartCard Login
>>
>> Forgive me if this message is a repeat. I'm uncertain if the message
>> went out the first time.
>>
>> You could write a program linked against Mac's MIT Kerberos which
>> read
>
>> in credentials from a file based cache (created from Heimdal) and
>> write them back out into the memory based cache used by all of the
>> Mac
>
>> apps and run this app after login. Then all apps should work.
>>
>> -Christopher
>> -----Original Message-----
>> From: fed-talk-bounces+cneberg=email@hidden
>> [mailto:fed-talk-bounces+cneberg=email@hidden] On
>> Behalf
>
>> Of Timothy J. Miller
>> Sent: Tuesday, February 07, 2006 11:53 AM
>> To: Brian Raymond
>> Cc: email@hidden
>> Subject: Re: [Fed-Talk] SmartCard Login
>>
>> Brian Raymond wrote:
>>> We had a similar discussion a couple of months ago on the list and
>>> at
>
>>> that time I provided some possibilities given PAM, Windows
>>> 2000(2003),
>>
>>> Heimdal's implementations of PKINIT. You might be able to wire it up
>>> on your own,
>>
>> Unlikely, since OS X is built on MIT Kerberos. Yes, you might
>> possibly get PKINIT working, but the rest of your OS X apps wouldn't
>> be able to leverage the tickets without at least relinking to (and
>> more likely porting to) Heimdal.
>>
>> -- Tim
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>>
>
>
>
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden