On 11 May 2011, at 2:08 PM, Technical Support wrote: > One of our Army clients (USAMITC) is asking if we know of any Unix based SSH > client and or server which will support CAC certificate based authentication > other then Tectia. Are you aware of any?
I think openssh supports keys retrieved using PKCS11, and I think there are PKCS11 drivers for CAC readers (eg OpenSC). Some time ago I experimented with adding PIV card support to ssh-agent via an openssl ENGINE that talked to Apple's CDSA implementation--- this would presumably also work with CAC cards. It worked fine, but I never polished it to a releasable state. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
