pkinit slotid=N ?
Nicolas.Williams at sun.com
Thu Jan 10 15:53:30 EST 2008
On Thu, Jan 10, 2008 at 02:23:51PM -0600, Douglas E. Engert wrote:
> Nicolas Williams wrote:
> > The Solaris libpkcs11 is, indeed, pluggable (you have to get a cert
> > issued to you by Sun for code signing your PKCS#11 plug-ins).
> Good. So how would that work for OpenSC, that is source code,
> and might be compiled localy. Is this like what Microsoft used to do
> with CSPs?
I don't know enough about what "Microsoft used to do with CSPs". I've
posted links to the relevant chapters of the Solaris Security for
Developers Guide before. Short answer: yes, you should be able to use
third-party PKCS#11 modules through Solaris' libpkcs11, though you have
to have them signed, and you can get your own code signing certificates
issued by Sun as described in that Guide.
More information about the krbdev