pkinit-nss.
Patrik Martinsson
Patrik.Martinsson at smhi.se
Fri May 7 05:36:10 EDT 2010
Hello,
I'm curios about the pkinit-nss native support in kerberos > 1.6.3.
Maybe I'm wrong here, but as I understand it I should not need the
pkinit-nss
plugin (http://git.fedorahosted.org/git/?p=pkinit-nss.git), as this is
supposed to
be inbuilt in kerberos. However I can't get the "inbuilt" pkinit-nss to
work, and when im looking
quickly thgough the source, i cant really see anything about nss (im not an
experienced programmer, so i could definitly miss something).
So question is,
is pkinit-nss inbuilt in kerberos nowdays, and if so how do i configure it ?
Today ive tried with the line, (as a start, to see if smartcardlib even
gets called)
pkinit_identities = PKCS11:/path_to_my_smartcardlib
Just of curiousity ive runned kinit with strace and tried to look for
calls to that lib,
but i cant see anything at all relating to that smartcardlib.
My working config, with pkinit-nss plugin is as follows,
allow_pkinit = yes
pkinit = {
pkinit_cert_match = condition
pkinit_kdc_hostnamepkinit_eku_checking
is_hw = yes
}
Again, sorry if im missing something, any help appriciated.
Best Regards,
Patrik Martinsson, Sweden.
More information about the Kerberos
mailing list