I don't have a RHN id to pull current RHEL images. I have an old beta of RHEL5, but that was a long time ago.
I'd be more than happy to contribute to OSSG; feel free to add this address to the mailing list.

-- Tim

On Feb 4, 2008, at 1:59 PM, Aaron Lippold wrote:

> Hi,
>
> That sounds great. I'd love to get that on the DISA OSSG page as well when you get some details worked out. I'm assuming you are working primarily with the RHCS and RHEL5 / Fedora 6+/8 spins? If you can, check out http://ossg.disa.mil
>
> I have been hoping to get Mitre more connected to my work at DISA.
>
> Aaron
>
> On Feb 4, 2008 9:56 AM, Timothy J Miller <tmiller@xxxxxxxxx> wrote:
>
>> On Feb 4, 2008, at 8:02 AM, Todd Denniston wrote:
>>
>>> You are using CAC with kerberos then? Mind sharing a recipe, or a pointer to one, for hooking CAC/PKCS11 into kerberos?
>>
>> You need MIT Kerberos 1.6.3 or later, or Heimdal 1.x + some patches (which I'm still working out on the heimdal-discuss mailing list). You'll also need the most recent pam_krb5 and (obviously) a working PKCS11 module. That's about it.
>>
>> Once you have Kerberos working with a password against AD, swapping over to PKINIT is pretty simple (assuming PKINIT is working in AD to start). The only real gotcha is in selecting the email signing cert from the CAC (which is the only one AD will accept); MIT makes this relatively easy, but Heimdal needed a fix (which I wrote, but I had to alter an internal API which the primary heimdal developer wasn't keen on doing, so I'm reworking it).
>>
>> I'm also working on a MITRE technical report that will cover all this in detail (with configurations) to be delivered to my sponsor, after which it should be easy to get it into other DoD hands.
>>
>> -- Tim
>> _______________________________________________
>> Coolkey-devel mailing list
>> Coolkey-devel@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/coolkey-devel
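
A client-side `krb5.conf` sketch of the MIT Kerberos setup described in the quoted message, showing PKINIT through a PKCS11 module with a rule that selects one certificate from the card. This is an added example, not configuration from the thread or from the MITRE report it mentions; the realm, host name and file paths are placeholders, and the certificate-matching rule assumes the email signing certificate carries the digitalSignature key usage and the emailProtection extended key usage.

```ini
# Added example (not from the thread). EXAMPLE.COM, dc1.example.com and all
# paths are placeholders; adjust them to the local realm and PKCS11 module.
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com

        # Read the client certificate and private key through the PKCS11 module.
        pkinit_identities = PKCS11:/path/to/pkcs11-module.so

        # CA certificates trusted to have issued the KDC's certificate.
        pkinit_anchors = FILE:/path/to/trusted-ca-bundle.pem

        # The card holds several certificates; offer only the one that matches.
        # Assumed profile of the email signing certificate: digitalSignature
        # key usage plus emailProtection EKU. Verify against the actual card.
        pkinit_cert_match = &&<EKU>emailProtection<KU>digitalSignature

        # Assumption: the domain controller's certificate has the serverAuth
        # EKU and a dNSName SAN instead of the PKINIT-specific KDC EKU and SAN.
        # Keep EKU checking on; "none" would skip the check entirely.
        pkinit_eku_checking = kpServerAuth
        pkinit_kdc_hostname = dc1.example.com
    }
```

If the rule matches zero or more than one certificate, PKINIT has no single identity to use, so confirm the key usage and EKU values on the card's certificates before relying on the rule.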