WinXP/PKINIT/samrt Card/MIT Kerberos

JAKOBI Pascal pascal.jakobi at
Thu Apr 28 13:16:36 EDT 2011

Hi gents

I currently run a KDC on a Linux box that serves perfectly Fedora 
clients with X.509 certificates (through PKINIT) as well as WinXP 
clients with passwords.

However, my ultimate goal is to have my linux KDC serve WinXP clients 
with certificates stored on Smart Cards (no AD server anymore).

I tried first to install a middleware that interfaces with ther standard 
GINA. However, the solution does not work because, the client system has 
to be part of a domain (thus you need an AD server, which I want to 
avoid installing).

So I am wondering if there are solutions for what I want to achieve. Can 
pGina interface with MIT Kerberos ? I could not find any plugin. Should 
I use the pGina/PAM plugin and install pam_krb5 on my Linux/krb5 server ?

Thanks for advising - I am totally lost !

More information about the Kerberos mailing list