[27321] in Kerberos


Re: One Time Identification, a request for comments/testing.

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Jan 31 16:18:03 2007

Date: Wed, 31 Jan 2007 15:17:07 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Andrew Bartlett <abartlet@samba.org>
Message-ID: <20070131211706.GM28618@binky.Central.Sun.COM>
Mail-Followup-To: Andrew Bartlett <abartlet@samba.org>,
	Sam Hartman <hartmans@mit.edu>, dev@directory.apache.org,
	krbdev@mit.edu, g.w@hurderos.org, kerberos@mit.edu
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1170276707.8708.11.camel@amy.samba4.abartlet.net>
Cc: dev@directory.apache.org, Sam Hartman <hartmans@mit.edu>, g.w@hurderos.org,
   krbdev@mit.edu, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote:
> I think developing a cross-platform USB 'thumb drive' based soft token
> would be an immense benefit.  It could make PKINIT real for many small
> sites that do not yet wish to invest in a token stack, and perhaps more
> importantly, make PKINIT and smart-card login something that developers
> and interested technical users can test with resources to hand.

What do you mean by "cross-platform"?

OpenSolaris has an OSS (CDDL'ed) PKCS#11 softtoken provider that does
pretty much what you want.  It stores its files in a filesystem, by
default in a sub-directory of the user's home directory; filesystem type
does not matter.  Since you can put filesystems on a USB flash drive
that should suffice for a "cross-platform" softtoken.

The specifics of the Solaris softtoken's directory layout and file
formats are project private interfaces IIRC, but if there's interest I
imagine that we could document them, make them committed public
interfaces and help establish a standard for a cross-platform softtoken.

Nico
-- 
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
