Re: [Fed-Talk] SmartCard Login
- Subject: Re: [Fed-Talk] SmartCard Login
- From: Paul Nelson <email@hidden>
- Date: Tue, 14 Feb 2006 15:30:33 -0600
- Thread-topic: [Fed-Talk] SmartCard Login
I already talked to my guy at MIT, and he doesn't know much about what Apple
did, or if it works. Someone on the list might, however.
This is not something that MIT will be real interested in, since they are
still working on the standards.
> From: "Nebergall, Christopher" <email@hidden>
> Date: Tue, 14 Feb 2006 13:10:10 -0700
> To: Paul Nelson <email@hidden>, "Timothy J. Miller" <email@hidden>,
> Brian Raymond <email@hidden>
> Cc: Apple Fed Talk <email@hidden>
> Conversation: [Fed-Talk] SmartCard Login
> Subject: RE: [Fed-Talk] SmartCard Login
>
> I'll forward your question to the MIT Kerberos mailing list and post
> back to the list if I find out anything.
>
> -Christopher
> -----Original Message-----
> From: Paul Nelson [mailto:email@hidden]
> Sent: Tuesday, February 14, 2006 1:01 PM
> To: Nebergall, Christopher; Timothy J. Miller; Brian Raymond
> Cc: Apple Fed Talk
> Subject: Re: [Fed-Talk] SmartCard Login
>
> Pull down the Kerberos-65.5 archive
> http://www.opensource.apple.com/darwinsource/tarballs/other/Kerberos-65.5.tar.gz
>
> Now look for these files:
>
> ./include/pkinit_apple_utils.h
> ./kdc/pkinit_apple_server.c
> ./lib/krb5/krb/pkinit_apple_asn1.c
> ./lib/krb5/krb/pkinit_apple_cert_store.c
> ./lib/krb5/krb/pkinit_apple_client.c
> ./lib/krb5/krb/pkinit_apple_cms.c
> ./lib/krb5/krb/pkinit_apple_utils.c
>
>
>
>> From: "Nebergall, Christopher" <email@hidden>
>> Date: Tue, 14 Feb 2006 12:56:32 -0700
>> To: Paul Nelson <email@hidden>, "Timothy J. Miller"
>> <email@hidden>, Brian Raymond <email@hidden>
>> Cc: Apple Fed Talk <email@hidden>
>> Conversation: [Fed-Talk] SmartCard Login
>> Subject: RE: [Fed-Talk] SmartCard Login
>>
>> Could you point to what code you are referring to?
>>
>> -Christopher
>> -----Original Message-----
>> From: Paul Nelson [mailto:email@hidden]
>> Sent: Tuesday, February 14, 2006 12:50 PM
>> To: Nebergall, Christopher; Timothy J. Miller; Brian Raymond
>> Cc: Apple Fed Talk
>> Subject: Re: [Fed-Talk] SmartCard Login
>>
>> In looking at source code for Apple's version of MIT Kerberos, it
>> appears that they have added some code to try to implement PKINIT.
>> Does anyone know anything about this? I don't know if or how it works.
>>
>> Paul Nelson
>> Thursby Software Systems, Inc.
>>
>>
>>> From: "Nebergall, Christopher" <email@hidden>
>>> Date: Tue, 14 Feb 2006 11:39:43 -0700
>>> To: "Nebergall, Christopher" <email@hidden>, "Timothy J. Miller"
>>> <email@hidden>, Brian Raymond <email@hidden>
>>> Cc: <email@hidden>
>>> Conversation: [Fed-Talk] SmartCard Login
>>> Subject: RE: [Fed-Talk] SmartCard Login
>>>
>>> Forgive me if this message is a repeat. I'm uncertain if the message
>>> went out the first time.
>>>
>>> You could write a program linked against Mac's MIT Kerberos which read
>>> in credentials from a file based cache (created from Heimdal) and
>>> write them back out into the memory based cache used by all of the Mac
>>> apps and run this app after login. Then all apps should work.
>>>
>>> -Christopher
>>> -----Original Message-----
>>> From: fed-talk-bounces+cneberg=email@hidden
>>> [mailto:fed-talk-bounces+cneberg=email@hidden] On Behalf
>>> Of Timothy J. Miller
>>> Sent: Tuesday, February 07, 2006 11:53 AM
>>> To: Brian Raymond
>>> Cc: email@hidden
>>> Subject: Re: [Fed-Talk] SmartCard Login
>>>
>>> Brian Raymond wrote:
>>>> We had a similar discussion a couple of months ago on the list and at
>>>> that time I provided some possibilities given PAM, Windows 2000(2003),
>>>> Heimdal's implementations of PKINIT. You might be able to wire it up
>>>> on your own,
>>>
>>> Unlikely, since OS X is built on MIT Kerberos. Yes, you might
>>> possibly get PKINIT working, but the rest of your OS X apps wouldn't
>>> be able to leverage the tickets without at least relinking to (and
>>> more likely porting to) Heimdal.
>>>
>>> -- Tim
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden