Support for PKINIT on Windows now available in MIT Kerberos
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Feb 27 17:59:28 EST 2025
(Since a few people have asked about this over the years, I felt it was
worth an announcement).
I am pleased to report that MIT Kerberos now supports PKINIT on the
Windows platform. The technical details of this can be found in the
pull request here:
https://github.com/krb5/krb5/pull/1401
This means that with a PKCS#11 library and the appropriate client
configuration one can use a smartcard to authenticate with MIT Kerberos.
I have tested this support with a PIV card and both the OpenSC and
ActivClient PKCS#11 libraries.
Right now this support is only on the 'master' branch of MIT Kerberos
and you will have to build MIT Kerberos from source to utilize it;
the build directions are in the source tree under src/windows/README.
Thanks to Greg Hudson working with me to push this across the finish line.
--Ken
More information about the Kerberos
mailing list