Mark Sirota wrote:

--On November 17, 2005 6:49:22 AM +0000 Jeffrey Altman <[EMAIL PROTECTED]> wrote:

The CITI group at UMichigan also has a project that allows you to
use a Kerberos service ticket to obtain an X.509 certificate with
the same lifetime as the Kerberos ticket.


Assuming I'm thinking of the same project, this is called "KX.509".  We
worked with it extensively here at Penn, hoping to make it our new standard
for web-based authentication.

We made considerable progress and submitted our patches back to Michigan,
but we never deployed into production because there isn't enough browser
support for client-side X.509 certificates.  For non-web applications, this
might be more suitable.

There is browser support! Along with the UMich Kx509 that works with
the IE, there is the kpkcs11 for all the other browsers. This implements
a PKCS11 Security device plugin, and it works on Unix or Windows with
Netscape, Mozilla or any other browser that can use smartcards
via a PKCS11 plugin. It should also work on a Mac too.


Mark
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444