One Time Identification, a request for comments/testing.

Andrew Bartlett abartlet at samba.org
Wed Jan 31 16:21:49 EST 2007


On Wed, 2007-01-31 at 15:17 -0600, Nicolas Williams wrote:
> On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote:
> > I think developing a cross-platform USB 'thumb drive' based soft token
> > would be an immense benefit.  It could make PKINIT real for many small
> > sites that do not yet wish to invest in a token stack, and perhaps more
> > importantly, make PKINIT and smart-card login something that developers
> > and interested technical users can test with resources to hand.
> 
> What do you mean by "cross-platform"?

Works with Windows desktops too :-)

> OpenSolaris has an OSS (CDDL'ed) PKCS#11 softtoken provider that does
> pretty much what you want.  It stores its files in a filesystem, by
> default in a sub-directory of the user's home directory; filesystem type
> does not matter.  Since you can put filesystems on a USB flash drive
> that should suffice for a "cross-platform" softtoken.
> 
> The specifics of the Solaris softtoken's directory layout and file
> formats are project private interfaces IIRC, but if there's interest I
> imagine that we could document them, make them committed public
> interfaces and help establish a standard for a cross-platform softtoken.

Love also has a PKCS#11 softtoken.  The details that I think might need
work are integration so that the logon systems on various platforms
'know' that the token is there, and the softtoken driver should be used.

Andrew Bartlett

-- 
Andrew Bartlett <abartlet at samba.org>