Alberto Fondi <[EMAIL PROTECTED]> writes:

> Hi,
>
> we have proved shishi in our organization and, even if it is in
> development, it seems to be a very good program. In particular my
> chief very much likes the features about authentication codified with
> certificates. However we want to ask if it could be possible and if
> it is in program an authentication directly through certificates,
> where the user authenticates himself without providing a password, but
> using only his certificate.

Hi Alberto!

That is currently not possible, but what you describe is exactly what the goal here is. It should be possible to use X.509 client certificates or OpenPGP keys to get a Kerberos ticket. I hope to be able to work on this in the winter. Not much work is required to make this work; I expect a few weeks of development work for me, including documentation and testing etc. Essentially what is missing is that the user database Shisa maps X.509 certificates or OpenPGP keys to a Kerberos principal, and that shishid uses that information and sends the AP-REP using NULL encryption in the TLS authenticated channel.

Btw, let me know if you run into any problem or feel the documentation is unclear somehow. You are one of the earliest users, so all feedback is very valuable.

/Simon

_______________________________________________
Help-shishi mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-shishi
