On 7/2/07, Jim Rees <[EMAIL PROTECTED]> wrote: > We do something like this to translate kerberos tickets into cert/key usable > from pkcs11. But it only makes sense if you have some way to convince the > CA that it should sign the keypair and issue a cert. In our case that's > kerberos. Otherwise, how can anyone trust the cert?
But Kerberos is weaker than PKI in term of authentication. You can use PKI in order to authenticate to Kerberos. So you have static certificate for user and dynamic authorization using kerberos. Alon. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
