[SmartcardServices-Users] Pkinit working on MacOSX 10.9.5 or 10.10?
Burgin, Thomas (NIH/NIMH) [C]
thomas.burgin at nih.gov
Sun Aug 30 20:12:49 PDT 2015
I have had success with PK-INIT using a Windows KDC after building a proper SAN for the KDC cert. I am using attribute matching for SmartCard login.
https://github.com/tburgin/SANBuilder
I have not tried with an Open Directory server...
Sent from my iPhone
> On Aug 30, 2015, at 9:22 PM, Glenn Machin <gmachin at sandia.gov> wrote:
>
>
> The only way I can see a Kerberos AS_REQ using PKINIT is using the command line "kinit -C KEYCHAIN:".
>
>
> Has anyone got PKINIT working via OpenDirectory during login or via pam modules (pam_opendirectory or pam_krb5)?
>
> Shame I don't see Apple publishing documents describing how to enable pkinit given federal government requirements for use of smartcards.
> Seems like its the users helping users, while Apple keeps quiet.
>
>
> Appreciate any help.
>
>
>
> Glenn
>
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
More information about the SmartcardServices-Users
mailing list