[SAMBA4] Towards another TP?
Love Hörnquist Åstrand
lha at kth.se
Wed Jan 3 16:21:06 GMT 2007
3 jan 2007 kl. 05.37 skrev Andrew Bartlett:
> Heimdal: Love has given me a PAC patch, and once we work on an
> agreeable form for that, and the couple of other things in the
> diff, we
> should almost be at 'drop heimdal tarball here' stage.
The patch should be in the Heimdal tree now. I think we worked out all
issues but if I missed anything, I'll clean it up.
>>> and maybe I'll even test PK-INIT with this setup!
>> How do you have that working? Using PKCS#11 cards and heimdal or some
>> other combination?
>
> That's the aim. It should work, I just need to set up the server-side
> to make my PKCS#11 cards more than expensive keyrings :-)
Heimdal's pkinit code supports any of PEM, raw der, PKCS12 and PKCS12
certificate/key stores. Using certificates in files are much easier
and saves
pulling out hair. If you want to use a pkcs11 store, i recommend the
"hardware"
provider of Love, http://people.su.se/~lha/soft-pkcs11/
You still need OpenSSL to generate keys, but other stuff you can do
with Heimdal (I'll update the documentation).
Love
More information about the samba-technical
mailing list