Andrea wrote: > Hi all, > I'm facing with this problem: > > I have a working authentication configure system that uses Kerberos > for authentication. The credentials that have to be passed in order to > obtain a TGT are username and password. Now I'm looking for some hint > on how to authenticate on kerberos through certificates like X.509. > > This is what I want: > > Let's assume that an user has a valid certificate created by a CA. The > user can authenticate himself without prompting any user/pwd but just > having the certificate. According to you is it possible to construct > an intermediate layer between the user and kerberos which maps the > certificates in credentials allowing Kerberos to authenticate the user > himself.
Yes, that is called PKINIT, Heimdal and MIT have just introduced this late last year. Windows has also supported this since W2000, as smart card login. All three have clients and KDCs, and can intreroperate. On Unix for login at the console you will also need a pam_krb5 like http://www.eyrie.org/~eagle/software/pam-krb5/ Usually the certificate and private key are on a smartcard. So also see http://www.opensc-project.org/ > > Thanks in advance, > Andrea > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
