Recommended PKINIT Plug-In for Leopard?
Alexandra Ellwood
lxs at MIT.EDU
Thu Apr 24 11:47:36 EDT 2008
On Apr 23, 2008, at 11:49 PM, Henry B. Hotz wrote:
> I can follow the UMICH links to a version that was to be integrated
> into the MIT distribution, and supposedly worked with 1.6.x. If I can
> figure out how to get 1.7 development versions then I assume there is
> a version in there somewhere. OSX 10.5.2 (current release) says it
> includes "Kerberos 5 release 1.6.2-postrelease".
>
> If I want to experiment with a PKINIT plugin that should work in
> 10.5.x, which version from where is recommended?
>
> (Heimdal PKINIT works just fine on OSX 10.5, but I have too much
> respect for the MIT distribution to want to wholesale replace it if I
> don't need to.)
Mac OS X Leopard has its own pkinit implementation written by Apple
which does not use the plugin architecture. If you are interested in
using Apple's pkinit, look at how Back To My Mac stores its
credentials. It is using pkinit.
While I am not overly familiar with Apple's pkinit implementation, I
believe it overrides any pkinit plugins. So while you could build
your own pkinit plugin, it probably wouldn't actually get run by the
libraries that ship with Leopard.
--lxs
Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Consortium
<http://mit.edu/lxs/www>
More information about the krbdev
mailing list