WinXP/PKINIT/samrt Card/MIT Kerberos
pascal.jakobi at thalesgroup.com
Thu Apr 28 13:16:36 EDT 2011
I currently run a KDC on a Linux box that serves perfectly Fedora
clients with X.509 certificates (through PKINIT) as well as WinXP
clients with passwords.
However, my ultimate goal is to have my linux KDC serve WinXP clients
with certificates stored on Smart Cards (no AD server anymore).
I tried first to install a middleware that interfaces with ther standard
GINA. However, the solution does not work because, the client system has
to be part of a domain (thus you need an AD server, which I want to
So I am wondering if there are solutions for what I want to achieve. Can
pGina interface with MIT Kerberos ? I could not find any plugin. Should
I use the pGina/PAM plugin and install pam_krb5 on my Linux/krb5 server ?
Thanks for advising - I am totally lost !
More information about the Kerberos