[SAMBA4] Towards another TP?

Love Hörnquist Åstrand lha at kth.se
Wed Jan 3 16:21:06 GMT 2007

3 jan 2007 kl. 05.37 skrev Andrew Bartlett:

> Heimdal:  Love has given me a PAC patch, and once we work on an
> agreeable form for that, and the couple of other things in the  
> diff, we
> should almost be at 'drop heimdal tarball here' stage.

The patch should be in the Heimdal tree now. I think we worked out all
issues but if I missed anything, I'll clean it up.

>>> and maybe I'll even test PK-INIT with this setup!
>> How do you have that working? Using PKCS#11 cards and heimdal or some
>> other combination?
> That's the aim.  It should work, I just need to set up the server-side
> to make my PKCS#11 cards more than expensive keyrings :-)

Heimdal's pkinit code supports any of PEM, raw der, PKCS12 and PKCS12
certificate/key stores. Using certificates in files are much easier  
and saves
pulling out hair. If you want to use a pkcs11 store, i recommend the  
provider of Love, http://people.su.se/~lha/soft-pkcs11/

You still need OpenSSL to generate keys, but other stuff you can do
with Heimdal (I'll update the documentation).


More information about the samba-technical mailing list