directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Mueller <muell...@vmware.com>
Subject pkinit
Date Mon, 10 Aug 2015 20:35:47 GMT
Hi Jiajia, 

Finally digging into the pkinit support in ernest. I've checked out the
pkinit-support branch and built it successfully.  Saw the
WithCertKdcTest.testKdc test method and uncommented out the @Test so I
could start running the test. This helped to show some of the pieces that
are missing. 

Do you have a list of what's working and what isn't?
Also, do you have any writeup on the intended design?

For example, on the client side I see subclasses for each preauth type
(AsRequestWithCert, AsRequestWithPassword, etc.) but on the server side
there is just the server.request.AsRequest class that appears to be
handling multiple preauth types. Also, I see the PkinitPreauth class that
isn't hooked into the default server. Is the intent that it eventually
will be?  Or is PKINIT support something that will need to be configured
in. 

Thanks. 
Tom







Mime
View raw message