On Wed, 2007-01-31 at 15:17 -0600, Nicolas Williams wrote: > On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote: > > I think developing a cross-platform USB 'tumb drive' based soft token > > would be an immense benefit. It could make PKINIT real for many small > > sites that do not yet wish to invest in a token stack, and perhaps more > > importantly, make PKINIT and smart-card login something that developers > > and interested technical users can test with resources to hand. > > What do you mean by "cross-platform"?
Works with windows desktops too :-) > OpenSolaris has an OSS (CDDL'ed) PKCS#11 softtoken provider that does > pretty much what you want. It stores its files in a filesystem, by > default in a sub-directory of the user's home directory; filesystem type > does not matter. Since you can put filesystems on a USB flash drive > that should suffice for a "cross-platform" softtoken. > > The specifics of the Solaris softtoken's directory layout and file > formats are project private interfaces IIRC, but if there's interest I > imagine that we could document them, make them committed public > interfaces and help establish a standard for a cross-platform softtoken. Love also has a PKCS#11 softtoken. The details that I think might need work are integration so that the logon systems on various platforms 'know' that the token is there, and the softtoken driver should be used. Andrew Bartlett -- Andrew Bartlett <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
