Personal email. hbh...@oxy.edu
> On Jan 23, 2017, at 9:05 AM, Renyao Wei <ren...@vidaidentity.com> wrote:
> Hi everyone,
> We are new to Heimdal and are trying to figure out setting up Heimdal with
> PKINIT. A quick Google search pointed me to this site
> (http://www.h5l.org/manual/heimdal-1-2-branch/info/heimdal.html) but I failed
> to get a ticket with certificates. It will be greatly appreciated if you can
> point me to some instructions.
AFAIK nothing's changed for setup.
> Secondly, we want to use ECC certificates for PKINIT. Is there a list of
> supported curves for the crypto library Heimdal is using? It seems like it is
> not using openssl.
I think some stuff is supported in hcrypto, but best to use OpenSSL. You can
use ldd to verify it's linked.
> Lastly, we have been working with MIT Kerberos PKINIT. Is Heimdal KDC
> compatible with MIT Kerberos kinit? We intend to use MIT Kerberos kinit and
> Heimdal KDC.
They are wire compatible, though perhaps not all options may be supported. I've
used MIT clients with Heimdal. The biggest issue is that the config options are
completely disjoint. Also the MIT options are case sensitive and may not give
you any error messages.