[Freeipa-devel] GSS-Proxy <-> TPM <-> PKCS#11 (silly idea)

Simo Sorce simo at redhat.com
Sun Feb 16 12:22:55 UTC 2014


On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote:
> Hello,
> 
> I have got a silly idea to use TPM (Trusted Platform Module) as a backend for 
> Keytab storage (via GSS-Proxy).
> 
> GSS-Proxy prevents the application from accessing key material, right? So 
> GSS-Proxy could theoretically store keys in TPM and the application wouldn't 
> notice any difference, right?
> 
> We have libraries for that in Fedora already:
> https://admin.fedoraproject.org/pkgdb/acls/name/trousers
> 
> 
> Even sillier idea is to use TPM as a PKCS#11 module:
> http://trousers.sourceforge.net/pkcs11.html
> 
> I have no idea what the use case could be ... :-) Maybe as a "cache" for 
> PKCS#11 module in SSSD?
> 
> 
> As I said, it is just a silly idea.
> 

Open a ticket in the GSS-Proxy trac :)

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



