One Time Identification, a request for comments/testing.
Nicolas.Williams at sun.com
Wed Jan 31 16:17:07 EST 2007
On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote:
> I think developing a cross-platform USB 'thumb drive' based soft token
> would be an immense benefit. It could make PKINIT real for many small
> sites that do not yet wish to invest in a token stack, and perhaps more
> importantly, make PKINIT and smart-card login something that developers
> and interested technical users can test with resources to hand.

What do you mean by "cross-platform"?

OpenSolaris has an OSS (CDDL'ed) PKCS#11 softtoken provider that does
pretty much what you want. It stores its files in a filesystem, by
default in a sub-directory of the user's home directory; filesystem type
does not matter. Since you can put filesystems on a USB flash drive
that should suffice for a "cross-platform" softtoken.

The specifics of the Solaris softtoken's directory layout and file
formats are project private interfaces IIRC, but if there's interest I
imagine that we could document them, make them committed public
interfaces and help establish a standard for a cross-platform softtoken.