On 04/14/2014 07:41 AM, Arpit Srivastava wrote: > 1. Is built-in crypto backend enough for PKINIT to work or do we need > anything else in addition for that ?
PKINIT uses OpenSSL (by default) or NSS (if explicitly built that way) for public-key crypto operations. It uses libk5crypto for RFC 3961 operations, and any of the libk5crypto modules is fine for that. > 2. Has built-in crypto backend been tested against vulnerabilities and > how abt support offered by the community if any issue related to builtin > crypto backend is reported in future ? It's the default module and is used by most downstream distributors (with the exception of Solaris), so it receives plenty of testing and support. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
