pkinit and smart cards
Douglas E. Engert
deengert at anl.gov
Mon May 24 10:19:11 EDT 2010
ben wrote:
> Hello,
> I am wanting to play around with smart card authentication and PGP
> key storage, and hoping for some advice. All the examples that I have
> seen for smart card login for Linux appear to use a Java card, or are
> vague. The only example for PGP I have seen uses the basic card, and I
> have not found any examples for use with pkinit. My current sandbox
> configuration is built around MIT's Kerberos distribution (Debian
> stable), but as I am still experimenting at this stage, if another
> platform has better support, I'm willing to look at options.
>
> Thanks for your time and suggestions,
PKINIT is designed to use PKI, with certificates issued by a CA
trusted by the Kerberos KDC. So in effect you log in to the KDC,
which the local machine trusts.
You may also want to look at Muscle: http://www.musclecard.com/
that has an applet for smartcards, and OpenSC:
http://www.opensc-project.org/opensc
http://www.opensc-project.org/cgi-bin/mailman/listinfo
that has support for many cards and has a pam_pkcs11 that
might work with PGP authentication to a local machine.
Ask on the OpenSC mail list.
> ben
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos mailing list