Crypto backends for MIT Kerberos V5
Greg Hudson
ghudson at MIT.EDU
Tue Apr 15 00:26:51 EDT 2014
On 04/14/2014 07:41 AM, Arpit Srivastava wrote:
> 1. Is built-in crypto backend enough for PKINIT to work or do we need
> anything else in addition for that ?
PKINIT uses OpenSSL (by default) or NSS (if explicitly built that way)
for public-key crypto operations. It uses libk5crypto for RFC 3961
operations, and any of the libk5crypto modules is fine for that.
> 2. Has built-in crypto backend been tested against vulnerabilities and
> how abt support offered by the community if any issue related to builtin
> crypto backend is reported in future ?
It's the default module and is used by most downstream distributors
(with the exception of Solaris), so it receives plenty of testing and
support.
More information about the Kerberos
mailing list