Lippold, Aaron L CIV DISA PEO-GES wrote:
Classification: UNCLASSIFIED Caveats: NONENalin Dahyabhai at redhat did the work to put pkinit into MIT kerberos. He's working with uMich to merge their changes with his for MIT.Hi, Bob Lord and Rob Relyea at RedHat have already PKI enable pkinit. Theywere, last time I checked, working on getting it pushed up stream.
I would definitely be interested in the problems you have with applications and Coolkey. Especially since I work on both sides of this issue for NSS applications (which include firefox/thunberbird/ and Nalin's mit pkinit code.Rob, can you fill us in on how PKI pkinit is going and where we can get the bits if they are not in the last CoolKey release. Thanks,AaronGreetings!I am a developer/user of Linux CAC (as well as other Unixes). I am currently working to integrate CAC with Kerberos (using pkinit from UMich). I have found that CAC support for Linux (with ActivCard, CoolKey, and even MacOS) is, well, pretty bad. I am trying to get applications to use the PKCS11 interface and each implementation has errors, inconsistencies, and sometimes, just flat out lies to you!
You can write bugs directly against coolkey by going here: https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora%20Core&version=devel&component=coolkey bob
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
