pkinit for heimdal

This work is based on the patch from METACentrum by Petr Holub and Daniel Kouril.

How to build and setup

PK-INIT is now enabled by default in the current snapshots. Please use OpenSSL 0.9.8a or later, its faster then the internal libhcrypto.

get latest current snapshot (that is w/o 0.6 or 0.7 in the name).
run configure
run make
Read the Setup PK-INIT section in the manual on how to setup and use PK-INIT.

Example

: lha@nutcracker ; kinit -C FILE:/secure/lha/l.nxs.se/CA/lha.crt,/secure/lha/l.nxs.se/CA/lha.key lha@N.L.NXS.SE
Enter your private key passphrase: 
: lha@nutcracker ; ./kinit -C PKCS11:/tmp/pkcs11/lib/soft-pkcs11.so lha@N.L.NXS.SE
PIN code for SoftToken (slot): 
: lha@nutcracker ; klist
Credentials cache: FILE:/tmp/krb5cc_19100a
        Principal: lha@N.L.NXS.SE

  Issued           Expires          Principal                 
Apr 20 02:08:08  Apr 20 12:08:08  krbtgt/N.L.NXS.SE@N.L.NXS.SE

Stuff that you might find useful

soft-token a software pkcs11 token.
gpkcs11 another software pkcs11 token.
OpenSC and OpenCT SmartCard library and applications with support for PKCS #15 compatible cards.
PCSC light Middleware to access a smart card using SCard API (PC/SC).
MUSCLE Movement for the use of smart cards in a Linux environment (M.U.S.C.L.E.).