One Time Identification, a request for comments/testing.

Andrew Bartlett abartlet at
Wed Jan 31 16:21:49 EST 2007

On Wed, 2007-01-31 at 15:17 -0600, Nicolas Williams wrote:
> On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote:
> > I think developing a cross-platform USB 'thumb drive' based soft token
> > would be an immense benefit.  It could make PKINIT real for many small
> > sites that do not yet wish to invest in a token stack, and perhaps more
> > importantly, make PKINIT and smart-card login something that developers
> > and interested technical users can test with resources to hand.
>
> What do you mean by "cross-platform"?

Works with Windows desktops too :-)

> OpenSolaris has an OSS (CDDL'ed) PKCS#11 softtoken provider that does
> pretty much what you want.  It stores its files in a filesystem, by
> default in a sub-directory of the user's home directory; filesystem type
> does not matter.  Since you can put filesystems on a USB flash drive
> that should suffice for a "cross-platform" softtoken.
>
> The specifics of the Solaris softtoken's directory layout and file
> formats are project private interfaces IIRC, but if there's interest I
> imagine that we could document them, make them committed public
> interfaces and help establish a standard for a cross-platform softtoken.

Love also has a PKCS#11 softtoken.  The details that I think might need
work are integration so that the logon systems on various platforms
'know' that the token is there, and the softtoken driver should be used.

Andrew Bartlett

Andrew Bartlett <abartlet at>

More information about the krbdev mailing list