pkinit updates

Nicolas Williams Nicolas.Williams at
Thu Dec 14 11:24:51 EST 2006

On Wed, Dec 13, 2006 at 05:55:36PM -0600, Douglas E. Engert wrote:
> Douglas E. Engert wrote:
> >I will have to try the OpenSC pkcs11-tool --module /usr/lib/
> >after I build it tonight.
> Well it built sooner then expected:

I'm told it does work, yes.

> It has one slot, with a token labeled "Sun Metaslot"  with lots
> of methods, but no keys, certs or other objects.

Yes.  Perhaps I've misunderstood the purpose of token labels.

> Its a start. Now how can I get an OpenSC signed
> and called?

See the URL I quoted earlier:

First, generate a certificate request:

% elfsign request -k private-keyfile -r certificate-request
<interactive questionaire>

then send the certreq to solaris-crypto-req at; when you get the
cert back from Sun just place it in /etc/crypto/certs and sign the

% elfsign sign -k private-keyfile -c Sun-certificate -e provider-object

and install the module.

> P.S. Who assigned the token label?

Right, either I misunderstood the purpose of token labels or this is a
bug -- I'm betting on the former.


More information about the krbdev mailing list