kwc at citi.umich.edu
Mon Dec 11 22:39:29 EST 2006
On 12/8/06, Douglas E. Engert <deengert at anl.gov> wrote:
> I don't see the updates. I got the original source using:
> svn checkout svn://anonsvn.mit.edu/krb5/users/coffman/pkinit
I've updated my pkinit branch with the get_init_creds_opt_set_pa()
changes, as well as other changes. Here is the commit message:
Pull in changes for the extended get_init_creds_opt structure.

Pull in changes to add get_init_creds_opt_set_pa(),
get_init_creds_opt_get_pa(), and get_init_creds_opt_free_pa()

Change client interface to pass in the get_init_creds_opt structure
to the process and tryagain functions.

Pull in changes to kinit to pass preauth options entered with "-X"

Create typedefs for all the preauth plugin client and server
interface functions and use them. Eliminates mismatches
and enables better type checking of the interface parameters.

Add *temporary* code to client side of pkinit to handle preauth options
and set the appropriate environment variables.
(Currently only X509_user_identity, X509_anchors, and
flag_RSA_PROTOCOL are handled.)

Add code to use krb5int_accessor to obtain pointers to internal functions
for ASN.1 encode/decode routines rather than exporting them from

Various updates and improvements in the pkinit smartcard code.

Doug, this includes the heimdal compatibility function, but I'm not
sure you can depend on it being there long-term. The pkinit code
currently only handles X509_user_identity, X509_anchors, and the
The server still requires environment variables for now, but the
client can be run with something like the following:

    /kinit -X X509_user_identity=FILE:/tmp/x509up_u20010,/tmp/x509up_u20010 \
        -X X509_anchors=/etc/grid-security/certificates \
        kwc@KWCTEST.CITI.UMICH.EDU
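
As an added illustration (not code from this message or from the pkinit branch), the sketch below splits a `-X` option like those in the kinit command above into attribute and value, then separates a `FILE:cert,key` identity into its two paths. The function names, the "yes" default for a bare attribute, and the fallback to the certificate path when no key path is given are assumptions.

```c
#include <stdio.h>
#include <string.h>
struct pa_opt { char attr[64]; char value[256]; };
/* Split "attr=value"; a bare "attr" gets the value "yes" (assumption).
 * Returns 0 on success, -1 on empty or oversized input. */
int parse_pa_opt(const char *arg, struct pa_opt *out)
{
    const char *sep = strchr(arg, '=');
    size_t alen = sep ? (size_t)(sep - arg) : strlen(arg);
    const char *val = sep ? sep + 1 : "yes";
    if (alen == 0 || alen >= sizeof(out->attr) ||
        strlen(val) >= sizeof(out->value))
        return -1;
    memcpy(out->attr, arg, alen);
    out->attr[alen] = '\0';
    strcpy(out->value, val);
    return 0;
}

/* Split "FILE:cert[,key]" into two paths of at most n-1 bytes each.
 * Without ",key" the key path defaults to the cert path (assumption).
 * Returns 0 on success, -1 if the value is not a usable FILE: identity. */
int parse_file_identity(const char *value, char *cert, char *key, size_t n)
{
    if (strncmp(value, "FILE:", 5) != 0)
        return -1;
    const char *p = value + 5, *comma = strchr(p, ',');
    size_t clen = comma ? (size_t)(comma - p) : strlen(p);
    if (clen == 0 || clen >= n)
        return -1;
    if (comma && (comma[1] == '\0' || strlen(comma + 1) >= n))
        return -1;
    memcpy(cert, p, clen);
    cert[clen] = '\0';
    strcpy(key, comma ? comma + 1 : cert);
    return 0;
}

int main(void)
{
    /* Identity option taken from the kinit command in the message. */
    const char *arg =
        "X509_user_identity=FILE:/tmp/x509up_u20010,/tmp/x509up_u20010";
    struct pa_opt o;
    char cert[256], key[256];
    if (parse_pa_opt(arg, &o) == 0 &&
        parse_file_identity(o.value, cert, key, sizeof cert) == 0)
        printf("%s: cert=%s key=%s\n", o.attr, cert, key);
    return 0;
}
```

In the command from the message the certificate and key paths are the same file, so that single file holds the private key and its permissions are what protect the credential.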