[Freeipa-devel] GSS-Proxy <-> TPM <-> PKCS#11 (silly idea)

Petr Spacek pspacek at redhat.com
Fri Feb 14 13:51:54 UTC 2014


Hello,

I have got a silly idea to use TPM (Trusted Platform Module) as backend for 
Keytab storage (via GSS-Proxy).

GSS-Proxy prevents the application from accessing key material, right? So 
GSS-Proxy could theoretically store keys in TPM and the application wouldn't 
notice any difference, right?

We have libraries for that in Fedora already:
https://admin.fedoraproject.org/pkgdb/acls/name/trousers


Even sillier idea is to use TPM as a PKCS#11 module:
http://trousers.sourceforge.net/pkcs11.html

I have no idea what the use case could be ... :-) Maybe as a "cache" for the 
PKCS#11 module in SSSD?


As I said, it is just a silly idea.

-- 
Petr^2 Spacek
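The isolation property the post relies on (the application never touches the keytab; GSS-Proxy holds it and performs the GSSAPI operations on the application's behalf) is visible in a plain GSS-Proxy service section. The fragment below is an added example and is not from the post or from the GSS-Proxy project; the service name HTTP, the keytab and ccache paths, and the uid 48 are assumptions, not values from the page.

```ini
# Added example (not from the original post): a GSS-Proxy service section,
# e.g. placed in /etc/gssproxy/gssproxy.conf. Names and paths are assumptions.
[gssproxy]

[service/HTTP]
  mechs = krb5
  # The keytab is owned by root and mode 0600; only gssproxy (running as root)
  # reads it. The web server process never gets a handle to the key material.
  cred_store = keytab:/etc/gssproxy/http.keytab
  # Credential cache that gssproxy writes for the client; %U expands to the
  # uid of the process that connected to the proxy socket.
  cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
  # Only processes running with this effective uid may use this section
  # (48 is assumed to be the web server's uid on this host).
  euid = 48
```

On the application side nothing in the program changes: the process is started with GSS_USE_PROXY=yes in its environment, the interposer mechanism installed by the gssproxy package routes its GSSAPI calls over the proxy socket, and a quick check that the isolation holds is that the keytab file is unreadable from the web server's uid while Kerberos authentication still succeeds. Where GSS-Proxy keeps the keys (a file here, a TPM in the post's idea) is a property of the proxy's credential store, which is exactly why the application would not notice the difference.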
