Re: Cool-Key on Solaris

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



That sounds great. I'd love to get that on the DISA OSSG page as well
when you get some details worked out.

I assuming you are working primarily with the RHCS and RHEL5 / Fedora
6+/8 spins?

If you can, checkout

I have been hoping to get Mitre more connected to my work at DISA.


On Feb 4, 2008 9:56 AM, Timothy J Miller <tmiller@xxxxxxxxx> wrote:
> On Feb 4, 2008, at 8:02 AM, Todd Denniston wrote:
> > You are using CAC with kerberos then?
> > mind sharing a recipe, or a pointer to one, for hooking CAC/PKCS11
> > into kerberos?
> You need MIT Kerberos 1.6.3 or later, or Heimdal 1.x + some patches
> (which I'm still working out on the heimdal-discuss mailing list).
> You'll also need the most recent pam_krb5 and (obviously) a working
> PKCS11 module.
> That's about it.  Once you have Kerberos working with a password
> against AD, swapping over to PKINIT is pretty simple (assuming PKINIT
> is working in AD to start).  The only real gotcha is in selecting the
> email signing cert from the CAC (which is the only one AD will
> accept); MIT makes this relatively easy, but Heimdal needed a fix
> (which I wrote, but I had to alter an internal API which the primary
> heimdal developer wasn't keen on doing, so I'm reworking it).
> I'm also working on a MITRE technical report that will cover all this
> in detail (with configurations) to be delivered to my sponsor, after
> which it should be easy to get it into other DoD hands.
> -- Tim
> _______________________________________________
> Coolkey-devel mailing list
> Coolkey-devel@xxxxxxxxxx

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux