mirror of
https://github.com/darlinghq/darling-Heimdal.git
synced 2024-11-23 12:19:41 +00:00
30 lines
1.0 KiB
Plaintext
30 lines
1.0 KiB
Plaintext
|
draft comments:
|
||
|
|
|
||
|
|
- tag for nameNotInCert (GeneralName is a choice)
|
||
|
|
|
||
|
|
- TargetName.exportedTargName have spelling error on OCTET STRING
|
||
|
|
|
||
|
|
- padata number is wrong (page 13)
|
||
|
|
|
||
|
|
still missing:
|
||
|
|
|
||
|
|
- storing credentials so we can skip pku2u
|
||
|
|
- mapping server names into kerberos name
|
||
|
|
- setting target asserted name
|
||
|
|
- Make target name have a real meaning
|
||
|
|
- Implemement GSS_C_NT_DN
|
||
|
|
- Verify ad-pku2u-client-name in acceptor
|
||
|
|
|
||
|
|
How to try:
|
||
|
|
|
||
|
|
- sudo dscl . append /Users/lha RecordName 'description=MobileMe Sharing Certificate,CN=bitcollector,OU=me.com,O=Apple Inc.,C=US'
|
||
|
|
|
||
|
|
- sudo chmod 644 /etc/krb5.keytab
|
||
|
|
|
||
|
|
- /usr/local/libexec/heimdal/bin/test_context --mech-type=PKU2U --mutual-auth --wrap service@host
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
sudo dscl . append /Users/lha RecordName 55D20C14EE9EB4C41962801D1AD88AD7ACF34D72
|
||
|
|
sudo dscl . append /Users/lha dsAttrTypeStandard:AltSecurityIdentities 'X509:<T>CN=Apple Root Certificate Authority,OU=Apple Computer Certificate Authority,O=Apple Computer\, Inc.,C=US<S>description=MobileMe Sharing Certificate,CN=bitcollector,OU=me.com,O=Apple Inc.,C=US'
|