Re: Authenticating on kerberos via certifates
- From: "Douglas E. Engert" <deengert@xxxxxxx>
- Date: Thu, 10 Jan 2008 09:06:46 -0600
Andrea wrote:
Hi all,
I'm facing with this problem:
I have a working authentication configure system that uses Kerberos
for authentication. The credentials that have to be passed in order to
obtain a TGT are username and password. Now I'm looking for some hint
on how to authenticate on kerberos through certificates like X.509.
This is what I want:
Let's assume that an user has a valid certificate created by a CA. The
user can authenticate himself without prompting any user/pwd but just
having the certificate. According to you is it possible to construct
an intermediate layer between the user and kerberos which maps the
certificates in credentials allowing Kerberos to authenticate the user
himself.
Yes, that is called PKINIT, Heimdal and MIT have just introduced this
late last year. Windows has also supported this since W2000, as smart
card login. All three have clients and KDCs, and can intreroperate.
On Unix for login at the console you will also need a pam_krb5 like
http://www.eyrie.org/~eagle/software/pam-krb5/
Usually the certificate and private key are on a smartcard. So also see
http://www.opensc-project.org/
Thanks in advance,
Andrea
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@xxxxxxx>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
.
- References:
- Authenticating on kerberos via certifates
- From: Andrea
- Authenticating on kerberos via certifates
- Prev by Date: Re: Heimdal KDC, Windows XP and local users
- Next by Date: Re: Authenticating on kerberos via certifates
- Previous by thread: Authenticating on kerberos via certifates
- Next by thread: Re: Authenticating on kerberos via certifates
- Index(es):
Relevant Pages
|
