I have had success with PK-INIT using a Windows KDC after building a proper SAN for the KDC cert. I am using attribute matching for SmartCard login.
https://github.com/tburgin/SANBuilder
I have not tried with an Open Directory server...
Sent from my iPhone
On Aug 30, 2015, at 9:22 PM, Glenn Machin <gmachin@sandia.gov> wrote:
The only way I can see a Kerberos AS_REQ using PKINIT is using the command line "kinit -C KEYCHAIN:".
Has anyone got PKINIT working via OpenDirectory during login or via pam modules (pam_opendirectory or pam_krb5)?
Shame I don't see Apple publishing documents describing how to enable pkinit given federal government requirements for use of smartcards. Seems like it's the users helping users, while Apple keeps quiet.
Appreciate any help.
Glenn
_______________________________________________
SmartcardServices-Users mailing list
SmartcardServices-Users@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/smartcardservices-users