X.509 Interop
Douglas E. Engert
deengert at anl.gov
Thu Nov 17 12:05:31 EST 2005
Mark Sirota wrote:
> --On November 17, 2005 6:49:22 AM +0000 Jeffrey Altman
> <jaltman2 at nyc.rr.com> wrote:
>
>> The CITI group at UMichigan also has a project that allows you to
>> use a Kerberos service ticket to obtain an X.509 certificate with
>> the same lifetime as the Kerberos ticket.
>
>
> Assuming I'm thinking of the same project, this is called "KX.509". We
> worked with it extensively here at Penn, hoping to make it our new standard
> for web-based authentication.
>
> We made considerable progress and submitted our patches back to Michigan,
> but we never deployed into production because there isn't enough browser
> support for client-side X.509 certificates. For non-web applications, this
> might be more suitable.
There is browser support! Along with the UMich Kx509 that works with
the IE there is the kpkcs11 for all the others browsers. This implements
a PKCS11 Security device plugin, and it works on Unix or Windows with
Netscape, Mozilla or any other browser that can use smatcards
via a PKCS11 plugin. It should also work on a Mac too.
>
> Mark
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list