Pkinit with smartcard faiulure
Douglas E. Engert
deengert at anl.gov
Fri Dec 1 15:06:49 EST 2006
Olga Kornievskaia wrote:
> working on a fix right now. you probably changed the protocol from DH to
> RSA?
I did not touch anything. Its whatever the W2K3 KDC wanted.
I am testing with the same krb5.conf that works with the Heimdal pkinit,
but I don't see anywhere in your code yet where it uses any of these parameters.
If so, then we just realized that RSA pkinit doesn't work with a
> smartcard at this point (but will be working soon).
Let me know, and I can test it again.
>
> Douglas E. Engert wrote:
>
>>pkinit_lib.c at line 771 calls PKCS_decrypt with pkey = NULL.
>>
>>This is when using a Smartcard, Looks you need some more
>>PKCS#11 calls here, to use the key on the card.
>>
>>SVN revision 18893, Ubuntu edgy, OpenSSL-0.9.8, OpenSC-0.11.1
>>PIV beta card, with Windows certificate. KDC is W2K3.
>>
>>
>>
>>
>>
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krbdev
mailing list