Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-74373

Support PKCS11 EC client certs in PKINIT [rhel-10]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-10.0
    • rhel-10.0
    • krb5
    • krb5-1.21.3-7.el10
    • No
    • Moderate
    • 3
    • rhel-idm-ipa
    • ssg_idm
    • 26
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • 2025-Q1-Bravo-S1, 2025-Q1-Bravo-S2, 2025-Q1-Bravo-S3
    • Enhancement
    • Hide
      Elliptic curve certificates were not supported for PKCS#11 smartcards (only RSA certificates were) for Kerberos PKINIT pre-authentication (but EC certificates was already supported as normal certificate files).

      This update adds support for PKCS#11 EC certificates with PKINIT.

      MIT Kerberos now supports RSA and EC for PKCS#11 PKINIT pre-authentication.
      Show
      Elliptic curve certificates were not supported for PKCS#11 smartcards (only RSA certificates were) for Kerberos PKINIT pre-authentication (but EC certificates was already supported as normal certificate files). This update adds support for PKCS#11 EC certificates with PKINIT. MIT Kerberos now supports RSA and EC for PKCS#11 PKINIT pre-authentication.
    • Proposed
    • All
    • None

      krb5-pkinit is missing support for loading EC certificates using PKCS11. This feature was already implemented upstream.

              jrische@redhat.com Julien Rische
              jrische@redhat.com Julien Rische
              Julien Rische Julien Rische
              Michal Polovka Michal Polovka
              Filip Hanzelka Filip Hanzelka
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: