pkinit slotid=N ?

Jeffrey Altman jaltman at
Wed Jan 9 10:52:34 EST 2008

Given the way that PKCS#11 is specified, the only thing that you can 
count on is that there may be one or more slots containing one or more 
certificates.  You cannot count on what certs are available, in what 
slot or in what order.  Its up to the application that calls PKCS#11 to 
enumerate all of the available certificates and to:

(a) maintain a database of certs for a given usage

(b) implement a set of mapping rules that can be used to select the 
appropriate cert for the desired usage

(c) prompt the user and let the user decide

slot and cert IDs are ephemeral identifiers which are only useful during 
a single PKCS#11 session.  If implementing (a) do not map certs in the 
database by slot and cert ID.

Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list