[Fed-Talk] PIV/PKINIT with Anything Other Than AD?
- Subject: [Fed-Talk] PIV/PKINIT with Anything Other Than AD?
- From: "Henry B. Hotz" <email@hidden>
- Date: Tue, 04 Dec 2012 16:30:35 -0800
Has anyone done this? For me, it works fine in Snow Leopard, and an Open Source build of Heimdal works fine in Lion, but the built-in Heimdal on Lion doesn't. (There are differences in how the KDC's certificate is verified which I'm guessing are due to using Apple PKI instead of Heimdal PKI for the verification.)
If anyone *has* done it, can you send me a "tcpdump -w dumpfile -s 0 port 88" of the exchange? I'd like to see what's actually different from what I've tried.
<<If anyone's worried about providing the network dump, remember that the protocol was designed to work over a hostile network. It will include things like usernames and public keys, but not secret keys.>>
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
email@hidden, or email@hidden