Re: Hello to the list (UNCLASSIFIED)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Lippold, Aaron L CIV DISA PEO-GES wrote:
Classification: UNCLASSIFIED Caveats: NONE


Bob Lord and Rob Relyea at RedHat have already PKI enable pkinit. They
were, last time I checked, working on getting it pushed up stream.
Nalin Dahyabhai at redhat did the work to put pkinit into MIT kerberos. He's working with uMich to merge their changes with his for MIT.
Rob, can you fill us in on how PKI pkinit is going and where we can get
the bits if they are not in the last CoolKey release.



I am a developer/user of Linux CAC (as well as other Unixes). I am currently working to integrate CAC with Kerberos (using pkinit from UMich). I have found that CAC support for Linux (with ActivCard, CoolKey, and even MacOS) is, well, pretty bad. I am trying to get applications to use the PKCS11 interface and each implementation has errors, inconsistencies, and sometimes, just flat out lies to you!
I would definitely be interested in the problems you have with applications and Coolkey. Especially since I work on both sides of this issue for NSS applications (which include firefox/thunberbird/ and Nalin's mit pkinit code.

You can write bugs directly against coolkey by going here:


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux