Nicolas.Williams at sun.com
Thu Dec 14 11:28:26 EST 2006
On Wed, Dec 13, 2006 at 05:32:37PM -0600, Douglas E. Engert wrote:
> More on the Solaris /usr/lib/libpkcs11.so ...
> Nicolas Williams wrote:
> >On Wed, Dec 13, 2006 at 03:50:02PM -0600, Douglas E. Engert wrote:
> >>>If the OS ships with a PKCS#11 implementation, then use that as the
> >>>default. (Solaris 10+, for example, has /usr/lib/libpkcs11.so.)
> >Wow... what? It's been there for a while...
> >> But this is not a smartcard interface as best as I can tell,
> >>it is a crypto provider for interal use only. If it can use a smartcard,
> >>please correct me if I am wrong!
> >Oh no, it's a smartcard interface too. There are multiple providers.
> Great, Which providers?
Ah, no, it supports HW tokens that include drivers for it (and Sun ships
several such boards), but no smartcards.
However, the OpenSC PKCS#11 provider is known to work through libpkcs11;
you just have to request a certificate for signing it (see my other
e-mail just now).
More information about the krbdev