README
1
2Heimdal is a Kerberos 5 implementation.
3
4For information how to install see <http://www.h5l.org/compile.html>.
5
6There are briefer man pages for most of the commands.
7
8Bug reports and bugs are appreciated, see more under Bug reports in
9the manual on how we prefer them: <heimdal-bugs@h5l.org>.
10
11For more information see the web-page at
12<http://www.h5l.org/> or the mailing lists:
13
14heimdal-announce@sics.se low-volume announcement
15heimdal-discuss@sics.se high-volume discussion
16
17send a mail to heimdal-announce-request@sics.se and
18heimdal-discuss-request@sics.se respectively to subscribe.
19
README.fast
1
2-- in order of preference
3
4- client: plugin support for fast plugins
5
6- kdc: plugin support for fast plugins
7 partly done with "struct kdc_patypes"
8
9- kcm: support FAST armor ticket
10-- using PK-INIT anonymous
11-- using host key
12
README.pku2u
1draft comments:
2
3- tag for nameNotInCert (GeneralName is a choice)
4
5- TargetName.exportedTargName have spelling error on OCTET STRING
6
7- padata number is wrong (page 13)
8
9still missing:
10
11- storing credentials so we can skip pku2u
12- mapping server names into kerberos name
13- setting target asserted name
14- Make target name have a real meaning
15- Implemement GSS_C_NT_DN
16- Verify ad-pku2u-client-name in acceptor
17
18How to try:
19
20- sudo dscl . append /Users/lha RecordName 'description=MobileMe Sharing Certificate,CN=bitcollector,OU=me.com,O=Apple Inc.,C=US'
21
22- sudo chmod 644 /etc/krb5.keytab
23
24- /usr/local/libexec/heimdal/bin/test_context --mech-type=PKU2U --mutual-auth --wrap service@host
25
26
27
28sudo dscl . append /Users/lha RecordName 55D20C14EE9EB4C41962801D1AD88AD7ACF34D72
29sudo dscl . append /Users/lha dsAttrTypeStandard:AltSecurityIdentities 'X509:<T>CN=Apple Root Certificate Authority,OU=Apple Computer Certificate Authority,O=Apple Computer\, Inc.,C=US<S>description=MobileMe Sharing Certificate,CN=bitcollector,OU=me.com,O=Apple Inc.,C=US'
30