From: Jakub J. <jj...@re...> - 2018-01-25 14:02:26
On Thu, 2018-01-25 at 12:37 +0000, J.W...@mi... wrote:
> Hi all,
>
> Is there anyone around here who tried to get a kerberos ticket based
> on certs/keys on a smartcard?
>
> According to all man-pages, I need:
> PKCS11:[module_name=]modname[:slotid=slot-id][:token=token-label][:certid=cert-id][:certlabel=cert-label]
>
> And with pkcs11-tool, I think I know the values of the fields.
>
> But HOW / WHERE to include the "PKCS11:...." String into
> /etc/krb5.conf

The PKCS11: prefix is used in krb5.conf wherever you want to reference
a private key or certificate from that configuration file. This is useful
for pkinit_* options, which take this argument (or argument with FILE:
prefix).

You usually want to use it with pkinit_identities option, or even
pkinit_anchors, if your CA certificate is in the PKCS#11 device.

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
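
The placement described in the reply above, as an added example that is not part of the original message: a krb5.conf fragment for MIT Kerberos with the PKCS11: string used as the value of pkinit_identities. The realm name, KDC host name, module path, slot number, certificate label and CA file path are constructed placeholders; take the real values from your own pkcs11-tool output.

```ini
# /etc/krb5.conf (fragment) -- constructed example values throughout

[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com

        # Client certificate and private key live on the smartcard.
        # The value follows the syntax quoted from the man page:
        #   PKCS11:[module_name=]modname[:slotid=slot-id][:token=token-label]
        #          [:certid=cert-id][:certlabel=cert-label]
        # Fields are colon-separated; only the module is mandatory, the
        # rest narrow the search when the token holds several certificates.
        pkinit_identities = PKCS11:module_name=/usr/lib64/opensc-pkcs11.so:slotid=0:certlabel=constructed-cert-label

        # Trust anchor for validating the KDC certificate. Here it is a
        # PEM file on disk, referenced with the FILE: prefix.
        pkinit_anchors = FILE:/etc/pki/tls/certs/constructed-ca.pem

        # If the CA certificate is stored on the PKCS#11 device instead,
        # the same PKCS11: form can be used for the anchor:
        # pkinit_anchors = PKCS11:module_name=/usr/lib64/opensc-pkcs11.so
    }
```

The same identity string can also be passed for a single run with MIT kinit's `-X X509_user_identity=` option instead of being stored in the file. Keeping the anchor on disk and owned by root means a swapped card cannot also supply the CA that the KDC certificate is checked against.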