Search on PKINIT - this will give you some background. Also, you can use protocol transition in some implementations.....

Lastly - what os and client? Is this web front end of client workstation auth? How are private keys manged? ....

All the Best,

Paul


----- Original Message ----
From: Andrea
To: kerberos@mit.edu
Sent: Thursday, January 10, 2008 3:20:33 AM
Subject: Authenticating on kerberos via certifates

Hi all,
I'm facing with this problem:

I have a working authentication configure system that uses Kerberos
for authentication. The credentials that have to be passed in order to
obtain a TGT are username and password. Now I'm looking for some hint
on how to authenticate on kerberos through certificates like X.509.

This is what I want:

Let's assume that an user has a valid certificate created by a CA. The
user can authenticate himself without prompting any user/pwd but just
having the certificate. According to you is it possible to construct
an intermediate layer between the user and kerberos which maps the
certificates in credentials allowing Kerberos to authenticate the user
himself.

Thanks in advance,
Andrea
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos