=D0=98=D0=BD=D1=81=D1=82=D1=80=D1=83=D0=BA=D1=86=D0=B8=D1=8F =D0=BE=D0=
=BF=D0=B8=D1=81=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=BD=D0=B0=D1=81=D1=82=D1=
=80=D0=BE=D0=B9=D0=BA=D1=83 =D0=B4=D0=B2=D1=83=D1=85=D1=84=D0=B0=D0=BA=D1=
=82=D0=BE=D1=80=D0=BD=D0=BE=D0=B9 =D0=B0=D1=83=D1=82=D0=B5=D0=BD=D1=82=D0=
=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=86=D0=B8=D0=B8 =D0=BF=D0=BE =D1=81=D0=BC=D0=
=B0=D1=80=D1=82-=D0=BA=D0=B0=D1=80=D1=82=D0=B0=D0=BC =D0=B8 USB-=D1=82=D0=
=BE=D0=BA=D0=B5=D0=BD=D0=B0=D0=BC JaCarta PKI =D0=BD=D0=B0 =D0=BE=D1=81=D0=
=BD=D0=BE=D0=B2=D0=B5 =D1=86=D0=B8=D1=84=D1=80=D0=BE=D0=B2=D1=8B=D1=85 =D1=
=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D0=BE=D0=B2 X.509=
=D0=B2 =D0=B4=D0=BE=D0=BC=D0=B5=D0=BD=D0=B5 ALD (Astra Linux Directory).=
p>
=D0=98=D0=BD=D1=81=D1=82=D1=80=D1=83=D0=BA=D1=86=D0=B8=D1=8F =D0=BF=D1=
=80=D0=B5=D0=B4=D0=BF=D0=BE=D0=BB=D0=B0=D0=B3=D0=B0=D0=B5=D1=82, =D1=87=D1=
=82=D0=BE ALD =D1=83=D0=B6=D0=B5 =D1=80=D0=B0=D0=B7=D0=B2=D0=B5=D1=80=D0=BD=
=D1=83=D1=82, =D1=81=D1=83=D1=89=D0=B5=D1=81=D1=82=D0=B2=D1=83=D0=B5=D1=82 =
=D0=BC=D0=B8=D0=BD=D0=B8=D0=BC=D1=83=D0=BC =D0=BE=D0=B4=D0=B8=D0=BD =D0=B4=
=D0=BE=D0=BC=D0=B5=D0=BD=D0=BD=D1=8B=D0=B9 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=
=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C, =D0=BA=D0=BE=D1=82=D0=BE=D1=80=
=D1=8B=D0=B9 =D0=BC=D0=BE=D0=B6=D0=B5=D1=82 =D0=B0=D1=83=D1=82=D0=B5=D0=BD=
=D1=82=D0=B8=D1=84=D0=B8=D1=86=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D1=82=D1=8C=D1=
=81=D1=8F =D0=BF=D0=BE =D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D1=8E, =D0=B2=D1=80=
=D0=B5=D0=BC=D1=8F =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82=D0=B0 =D0=B8 =D1=81=
=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B0 =D1=81=D0=BE=D0=B2=D0=BF=D0=B0=D0=B4=
=D0=B0=D1=8E=D1=82.
=D0=A3=D1=81=D1=82=D0=B0=D0=
=BD=D0=BE=D0=B2=D0=BA=D0=B0 =D0=B4=D1=80=D0=B0=D0=B9=D0=B2=D0=B5=D1=80=D0=
=BE=D0=B2 =D0=BD=D0=B0 =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80 =D0=B8 =D0=BA=
=D0=BB=D0=B8=D0=B5=D0=BD=D1=82
=D0=94=D0=BB=D1=8F =D0=BE=D0=B1=D0=B5=D1=81=D0=BF=D0=B5=D1=87=D0=B5=D0=
=BD=D0=B8=D1=8F =D1=80=D0=B0=D0=B1=D0=BE=D1=82=D1=8B =D1=81 =D0=BA=D0=B0=D1=
=80=D1=82=D0=BE=D0=B9 JaCarta PKI, =D0=BD=D0=B0 =D0=BA=D0=BB=D0=B8=D0=B5=D0=
=BD=D1=82=D0=B5 =D0=B8 =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B5 =D1=83=D1=
=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=B8=D1=82=D0=B5 =D1=81=D0=BB=D0=B5=D0=
=B4=D1=83=D1=8E=D1=89=D0=B8=D0=B5 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82=D1=8B: lib=
ccid, pcscd, libpcsclite1. =D0=9F=D0=BE=D1=81=D0=BB=D0=B5 =D1=83=D1=81=D1=
=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=BA=D0=B8 =D1=8D=D1=82=D0=B8=D1=85 =D0=BE=D0=
=B1=D1=8F=D0=B7=D0=B0=D1=82=D0=B5=D0=BB=D1=8C=D0=BD=D1=8B=D1=85 =D0=BF=D0=
=B0=D0=BA=D0=B5=D1=82=D0=BE=D0=B2, =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=
=B2=D0=B8=D1=82=D0=B5 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82 =D0=B4=D1=80=D0=B0=D0=
=B9=D0=B2=D0=B5=D1=80=D0=BE=D0=B2 IDProtectClient, =D0=BA=D0=BE=D1=82=D0=BE=
=D1=80=D1=8B=D0=B9 =D0=BC=D0=BE=D0=B6=D0=BD=D0=BE =D0=B7=D0=B0=D0=B3=D1=80=
=D1=83=D0=B7=D0=B8=D1=82=D1=8C =D1=81 =D0=BE=D1=84=D0=B8=D1=86=D0=B8=D0=B0=
=D0=BB=D1=8C=D0=BD=D0=BE=D0=B3=D0=BE =D1=81=D0=B0=D0=B9=D1=82=D0=B0 =C2=AB=
=D0=90=D0=BB=D0=B0=D0=B4=D0=B4=D0=B8=D0=BD =D0=A0.=D0=94.=C2=BB =D0=B2 =D1=
=80=D0=B0=D0=B7=D0=B4=D0=B5=D0=BB=D0=B5 =D0=9F=D0=BE=D0=B4=D0=B4=D0=B5=D1=
=80=D0=B6=D0=BA=D0=B0 =E2=80=93> =D0=A6=D0=B5=D0=BD=D1=82=D1=80 =D0=97=
=D0=B0=D0=B3=D1=80=D1=83=D0=B7=D0=BA=D0=B8 =E2=80=93> JaCarta =E2=80=93&=
gt; JaCarta PKI =D0=B4=D0=BB=D1=8F Linux.
=D0=94=D0=BB=D1=8F =D0=BE=D0=B1=D0=B5=D1=81=D0=BF=D0=B5=D1=87=D0=B5=D0=BD=
=D0=B8=D1=8F =D1=80=D0=B0=D0=B1=D0=BE=D1=82=D1=8B =D1=81=D0=BE =D1=81=D0=BC=
=D0=B0=D1=80=D1=82-=D0=BA=D0=B0=D1=80=D1=82=D0=BE=D0=B9 =D0=BF=D0=BE=D0=B4=
=D1=81=D0=B8=D1=81=D1=82=D0=B5=D0=BC=D1=8B Kerberos =D0=B4=D0=BE=D0=B1=D0=
=B0=D0=B2=D0=BE=D1=87=D0=BD=D0=BE =D0=BA =D0=BF=D1=80=D0=B5=D0=B4=D1=83=D1=
=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=BB=D0=B5=D0=BD=D0=BD=D1=8B=D0=BC =D0=
=BF=D0=B0=D0=BA=D0=B5=D1=82=D0=B0=D0=BC ald/kerberos =D1=83=D1=81=
=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=B8=D1=82=D0=B5 =D0=BF=D0=B0=D0=BA=D0=B5=
=D1=82 krb5-pkinit =D0=BD=D0=B0 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82=
=D0=B5 =D0=B8 =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B5. =D0=94=D0=
=BB=D1=8F =D0=BE=D0=B1=D0=B5=D1=81=D0=BF=D0=B5=D1=87=D0=B5=D0=BD=D0=B8=D1=
=8F =D0=B2=D0=BE=D0=B7=D0=BC=D0=BE=D0=B6=D0=BD=D0=BE=D1=81=D1=82=D0=B8 =D0=
=B2=D1=8B=D0=BF=D1=83=D1=81=D0=BA=D0=B0 =D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=
=B9 =D0=B8 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D0=
=BE=D0=B2 =D0=BD=D0=B0 JaCarta PKI, =D0=BD=D0=B0 =D1=81=D0=B5=D1=80=D0=B2=
=D0=B5=D1=80=D0=B5 =D1=82=D0=B0=D0=BA=D0=B6=D0=B5 =D1=83=D1=81=D1=82=D0=B0=
=D0=BD=D0=BE=D0=B2=D0=B8=D1=82=D0=B5 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82=D1=8B l=
ibengine-pkcs11-openssl =D0=B8 opensc.
=D0=A3=D1=81=D1=82=D0=
=B0=D0=BD=D0=BE=D0=B2=D0=BA=D0=B0 =D0=B8 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=
=BE=D0=B9=D0=BA=D0=B0 =D1=86=D0=B5=D0=BD=D1=82=D1=80=D0=B0 =D1=81=D0=B5=D1=
=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=86=D0=B8=D0=B8 =D0=BD=D0=B0 =D1=
=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B5
=D0=92 =D0=BA=D0=B0=D1=87=D0=B5=D1=81=D1=82=D0=B2=D0=B5 =D1=86=D0=B5=D0=
=BD=D1=82=D1=80=D0=B0 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=
=B0=D1=86=D0=B8=D0=B8 (CA) =D0=B1=D1=83=D0=B4=D0=B5=D1=82 =D0=B8=D1=81=D0=
=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D0=BD OpenSSL. OpenSSL =E2=80=
=94 =D0=BA=D1=80=D0=B8=D0=BF=D1=82=D0=BE=D0=B3=D1=80=D0=B0=D1=84=D0=B8=D1=
=87=D0=B5=D1=81=D0=BA=D0=B8=D0=B9 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82 =D1=81 =D0=
=BE=D1=82=D0=BA=D1=80=D1=8B=D1=82=D1=8B=D0=BC =D0=B8=D1=81=D1=85=D0=BE=D0=
=B4=D0=BD=D1=8B=D0=BC =D0=BA=D0=BE=D0=B4=D0=BE=D0=BC =D0=B4=D0=BB=D1=8F =D1=
=80=D0=B0=D0=B1=D0=BE=D1=82=D1=8B =D1=81 SSL/TLS. =D0=9F=D0=BE=D0=B7=D0=B2=
=D0=BE=D0=BB=D1=8F=D0=B5=D1=82 =D1=81=D0=BE=D0=B7=D0=B4=D0=B0=D0=B2=D0=B0=
=D1=82=D1=8C =D0=BA=D0=BB=D1=8E=D1=87=D0=B8 RSA, DH, DSA =D0=B8 =D1=81=D0=
=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D1=8B X.509, =D0=BF=D0=
=BE=D0=B4=D0=BF=D0=B8=D1=81=D1=8B=D0=B2=D0=B0=D1=82=D1=8C =D0=B8=D1=85, =D1=
=84=D0=BE=D1=80=D0=BC=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D1=82=D1=8C CSR =D0=B8 =
CRT.
=D0=92=D1=81=D0=B5 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=D0=B8 =
=D0=B2 =D1=80=D1=83=D0=BA=D0=BE=D0=B2=D0=BE=D0=B4=D1=81=D1=82=D0=B2=D0=B5 =
=D0=B2=D1=8B=D0=BF=D0=BE=D0=BB=D0=BD=D1=8F=D1=8E=D1=82=D1=81=D1=8F =D0=B4=
=D0=BB=D1=8F =D1=82=D0=B5=D1=81=D1=82=D0=BE=D0=B2=D0=BE=D0=B3=D0=BE =D0=B4=
=D0=BE=D0=BC=D0=B5=D0=BD=D0=B0 EXAMPLE.RU. =D0=9F=D1=80=D0=B8=D0=
=BC=D0=B5=D0=BC, =D1=87=D1=82=D0=BE =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80 =
=D0=B8 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82 =D0=BF=D1=80=D0=B8=D0=BD=D0=B0=
=D0=B4=D0=BB=D0=B5=D0=B6=D0=B0=D1=82 =D0=B4=D0=BE=D0=BC=D0=B5=D0=BD=D1=83 <=
big>EXAMPLE.RU, =D0=B8=D0=BC=D1=8F =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=
=80=D0=B0 =E2=80=93 kdc, =D0=B0 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=
=D1=82=D0=B0 =E2=80=93 PCclient. =D0=9F=D1=80=D0=B8 =D0=BD=D0=B0=
=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=D0=B5 =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=
=D1=8C=D0=B7=D1=83=D0=B9=D1=82=D0=B5 =D0=B8=D0=BC=D0=B5=D0=BD=D0=B0 =D0=B2=
=D0=B0=D1=88=D0=B5=D0=B3=D0=BE =D0=B4=D0=BE=D0=BC=D0=B5=D0=BD=D0=B0, =D1=81=
=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B0 =D0=B8 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=
=D1=82=D0=B0.
=D0=92=D1=8B=D0=BF=D0=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5 =D1=81=D0=BB=D0=B5=
=D0=B4=D1=83=D1=8E=D1=89=D0=B8=D0=B5 =D0=B4=D0=B5=D0=B9=D1=81=D1=82=D0=B2=
=D0=B8=D1=8F.
1. =D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=B9=D1=82=D0=B5 =D0=BA=D0=B0=D1=82=D0=
=B0=D0=BB=D0=BE=D0=B3 CA =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=D0=B4=D0=BE=D0=B9 m=
kdir /etc/ssl/CA =D0=B8 =D0=BF=D0=B5=D1=80=D0=B5=D0=B9=D0=B4=D0=B8=D1=82=D0=
=B5 =D0=B2 =D0=BD=D0=B5=D0=B3=D0=BE. =D0=92 =D1=8D=D1=82=D0=BE=D0=BC =D0=BA=
=D0=B0=D1=82=D0=B0=D0=BB=D0=BE=D0=B3=D0=B5 =D0=B1=D1=83=D0=B4=D1=83=D1=82 =
=D1=80=D0=B0=D0=B7=D0=BC=D0=B5=D1=89=D0=B0=D1=82=D1=8C=D1=81=D1=8F =D1=81=
=D0=B3=D0=B5=D0=BD=D0=B5=D1=80=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=BD=D1=
=8B=D0=B5 =D0=BA=D0=BB=D1=8E=D1=87=D0=B8 =D0=B8 =D1=81=D0=B5=D1=80=D1=82=D0=
=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D1=8B.
2. =D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=B9=D1=82=D0=B5 =D0=BA=D0=BB=D1=8E=D1=
=87 =D0=B8 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82 CA:=
openssl genrsa -out cakey.pem 2048
openssl req -key c=
akey.pem -new -x509 -days 365 -out cacert.pem
=D0=92 =D0=B4=D0=B8=D0=B0=D0=BB=D0=BE=D0=B3=D0=B5 =D0=B7=D0=B0=D0=BF=
=D0=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5 =D0=BD=D0=B5=D0=BE=D0=B1=D1=85=D0=BE=
=D0=B4=D0=B8=D0=BC=D1=83=D1=8E =D0=B8=D0=BD=D1=84=D0=BE=D1=80=D0=BC=D0=B0=
=D1=86=D0=B8=D1=8E =D0=BE =D0=B2=D0=B0=D1=88=D0=B5=D0=BC =D1=86=D0=B5=D0=BD=
=D1=82=D1=80=D0=B5 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=
=D1=86=D0=B8=D0=B8. =D0=92 Common name =D1=83=D0=BA=D0=B0=D0=B7=D0=B0=
=D1=82=D1=8C EXAMPLE.RU.
3. =D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=B9=D1=82=D0=B5 =D0=BA=D0=BB=D1=8E=D1=
=87 =D0=B8 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82&nbs=
p;KDC:=20
openssl genrsa -out kdckey.pem 2048
openssl req -new =
-out kdc.req -key kdckey.pem
=D0=92 =D0=B4=D0=B8=D0=B0=D0=BB=D0=BE=D0=B3=D0=B5 =D0=B7=D0=B0=D0=BF=
=D0=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5 =D0=BD=D0=B5=D0=BE=D0=B1=D1=85=D0=BE=
=D0=B4=D0=B8=D0=BC=D1=83=D1=8E =D0=B8=D0=BD=D1=84=D0=BE=D1=80=D0=BC=D0=B0=
=D1=86=D0=B8=D1=8E =D0=BE =D0=B2=D0=B0=D1=88=D0=B5=D0=BC =D1=81=D0=B5=D1=80=
=D0=B2=D0=B5=D1=80=D0=B5. =D0=92 Common name =D1=83=D0=BA=D0=B0=D0=B7=
=D0=B0=D1=82=D1=8C kdc.
4. =D0=A3=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=B8=D1=82=D0=B5 =D0=BF=D0=
=B5=D1=80=D0=B5=D0=BC=D0=B5=D0=BD=D0=BD=D1=8B=D0=B5 =D1=81=D1=80=D0=B5=D0=
=B4=D1=8B. =D0=9F=D0=B5=D1=80=D0=B5=D0=BC=D0=B5=D0=BD=D0=BD=D1=8B=D0=B5 =D1=
=81=D1=80=D0=B5=D0=B4=D1=8B =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=
=BB=D0=B8=D0=B2=D0=B0=D1=8E=D1=82=D1=81=D1=8F =D0=B2 =D1=80=D0=B0=D0=BC=D0=
=BA=D0=B0=D1=85 =D1=81=D0=B5=D1=81=D1=81=D0=B8=D0=B8 =D0=B8 =D0=BD=D0=B5 =
=D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=BB=D0=B8=D0=B2=D0=B0=D1=8E=D1=
=82=D1=81=D1=8F =D0=B4=D0=BB=D1=8F =D0=B4=D1=80=D1=83=D0=B3=D0=B8=D1=85 =D1=
=81=D0=B5=D1=81=D1=81=D0=B8=D0=B9, =D0=B8 =D0=BD=D0=B5 =D1=81=D0=BE=D1=85=
=D1=80=D0=B0=D0=BD=D1=8F=D1=8E=D1=82=D1=81=D1=8F =D0=BF=D0=BE=D1=81=D0=BB=
=D0=B5 =D0=B7=D0=B0=D0=BA=D1=80=D1=8B=D1=82=D0=B8=D1=8F =D1=81=D0=B5=D1=81=
=D1=81=D0=B8=D0=B8:=20
export REALM=3D<=D0=B8=D0=BC=D1=8F_=D0=B4=D0=BE=D0=BC=D0=B5=D0=BD=
=D0=B0>
export CLIENT=3D<=D0=B8=D0=BC=D1=8F_=D1=81=D0=
=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B0>
5. =D0=97=D0=B0=D0=B3=D1=80=D1=83=D0=B7=D0=B8=D1=82=D0=B5 =D1=84=D0=B0=D0=
=B9=D0=BB
pkinit_extensions. =
=D0=97=D0=B0=D0=B3=D1=80=D1=83=D0=B6=D0=B5=D0=BD=D0=BD=D1=8B=D0=B9 =D1=84=
=D0=B0=D0=B9=D0=BB =D1=80=D0=B0=D0=B7=D0=BC=D0=B5=D1=81=D1=82=D0=B8=D1=82=
=D1=8C =D0=B2 =D1=82=D0=BE=D0=BC =D0=BA=D0=B0=D1=82=D0=B0=D0=BB=D0=BE=D0=B3=
=D0=B5, =D0=B2 =D0=BA=D0=BE=D1=82=D0=BE=D1=80=D0=BE=D0=BC =D0=B2=D1=8B =D0=
=B2=D1=8B=D0=BF=D0=BE=D0=BB=D0=BD=D1=8F=D0=B5=D1=82=D0=B5 =D0=BA=D0=BE=D0=
=BC=D0=B0=D0=BD=D0=B4=D1=8B.
6. =D0=92=D1=8B=D0=BF=D1=83=D1=81=D1=82=D0=B8=D1=82=D0=B5 =D1=81=D0=B5=D1=
=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82 KDC:=20
openssl x509 -req -in kdc.req -CAkey cakey.pem -CA cacert.pem -out kd=
c.pem -extfile pkinit_extensions -extensions kdc_cert =E2=80=93CAcreateseri=
al -days 365
7. =D0=A4=D0=B0=D0=B9=D0=BB=D1=8B kdc.pem, kdckey.pem, cacert.pem =D0=BF=D0=
=B5=D1=80=D0=B5=D0=BD=D0=B5=D1=81=D0=B8=D1=82=D0=B5 =D0=B2 /var/lib/kr=
b5kdc/
8. =D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=B9=D1=82=D0=B5 =D1=80=D0=B5=D0=B7=D0=
=B5=D1=80=D0=B2=D0=BD=D1=83=D1=8E =D0=BA=D0=BE=D0=BF=D0=B8=D1=8E =D1=84=D0=
=B0=D0=B9=D0=BB=D0=B0 /etc/krb5kdc/kdc.conf. =D0=9E=D1=82=D1=80=D0=B5=D0=B4=
=D0=B0=D0=BA=D1=82=D0=B8=D1=80=D1=83=D0=B9=D1=82=D0=B5 /etc/krb5kdc/kdc.con=
f, =D0=B4=D0=BE=D0=BF=D0=BE=D0=BB=D0=BD=D0=B8=D0=B2 =D1=81=D0=B5=D0=BA=D1=
=86=D0=B8=D1=8E
[kdcdefaults]
=D1=81=D0=BB=D0=B5=D0=B4=D1=83=
=D1=8E=D1=89=D0=B8=D0=BC=D0=B8 =D0=B7=D0=B0=D0=BF=D0=B8=D1=81=D1=8F=D0=BC=
=D0=B8:
pkinit_identity =
=3D FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
pkinit_anchors =3D FILE:/var/lib/krb5kdc/cacert.pem
=D0=9F=D0=B5=D1=80=D0=B2=D0=B0=D1=8F =D0=B7=D0=B0=D0=BF=D0=B8=D1=81=D1=
=8C =D0=B7=D0=B0=D0=B4=D0=B0=D0=B5=D1=82 =D0=BA=D0=BB=D1=8E=D1=87=D0=B8 =D0=
=B8 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82 =D1=81=D0=
=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B0, =D0=B0 =D0=B2=D1=82=D0=BE=D1=80=D0=B0=D1=
=8F =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=BD=D0=B0 =D0=
=BA=D0=BE=D1=80=D0=BD=D0=B5=D0=B2=D0=BE=D0=B9 =D1=81=D0=B5=D1=80=D1=82=D0=
=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82 =D0=A6=D0=B5=D0=BD=D1=82=D1=80=D0=B0 =D0=
=A1=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=86=D0=B8=D0=B8.
<=
br>
9. =D0=94=D0=BB=D1=8F =D0=BF=D1=80=D0=B8=D0=BD=D1=8F=D1=82=D0=B8=D1=8F =D0=
=B8=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5=D0=BD=D0=B8=D0=B9, =D0=B2=D1=8B=D0=BF=D0=
=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5:
/etc/init.d/krb5-admin-server restart
/etc/init.d/krb=
5-kdc restart
=D0=9F=D0=BE=D0=B4=D0=B3=D0=BE=D1=
=82=D0=BE=D0=B2=D0=BA=D0=B0 =D1=81=D0=BC=D0=B0=D1=80=D1=82-=D0=BA=D0=B0=D1=
=80=D1=82=D1=8B. =D0=92=D1=8B=D0=BF=D1=83=D1=81=D0=BA =D0=BA=D0=BB=D1=8E=D1=
=87=D0=B5=D0=B9 =D0=B8 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=
=B0=D1=82=D0=B0 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=
=B5=D0=BB=D1=8F
=D0=A3=D0=B1=D0=B5=D0=B4=D0=B8=D1=82=D0=B5=D1=81=D1=8C, =D1=87=D1=82=D0=
=BE =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=BB=D0=B5=D0=BD=D1=8B =D0=
=BF=D0=B0=D0=BA=D0=B5=D1=82=D1=8B libengine-pkcs11-openssl =D0=B8 opensc. =
=D0=9F=D0=BE=D0=B4=D0=BA=D0=BB=D1=8E=D1=87=D0=B8=D1=82=D0=B5 =D1=83=D1=81=
=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=BE, =D0=BA=D0=BE=D1=82=D0=BE=
=D1=80=D0=BE=D0=B5 =D1=81=D0=BB=D0=B5=D0=B4=D1=83=D0=B5=D1=82 =D0=BF=D0=BE=
=D0=B4=D0=B3=D0=BE=D1=82=D0=BE=D0=B2=D0=B8=D1=82=D1=8C.
=D0=9F=D1=80=D0=BE=D0=B8=D0=BD=D0=B8=D1=86=D0=B8=D0=B0=D0=BB=D0=B8=D0=B7=D0=
=B8=D1=80=D1=83=D0=B9=D1=82=D0=B5 =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=
=81=D1=82=D0=B2=D0=BE, =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=B8=D1=
=82=D0=B5 =D0=9F=D0=98=D0=9D =D0=BA=D0=BE=D0=B4 =D0=BF=D0=BE=D0=BB=D1=8C=D0=
=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F.
=D0=92=D0=BD=D0=B8=D0=BC=D0=B0=D0=BD=D0=B8=D0=B5! =D0=98=D0=BD=D0=B8=D1=86=
=D0=B8=D0=B0=D0=BB=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D1=8F =D1=83=D1=81=D1=82=
=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=B0 =D1=83=D0=B4=D0=B0=D0=BB=D0=B8=
=D1=82 =D0=B2=D1=81=D0=B5 =D0=B4=D0=B0=D0=BD=D0=BD=D1=8B=D0=B5 =D0=BD=D0=B0=
JaCarta PKI =D0=B1=D0=B5=D0=B7 =D0=B2=D0=BE=D0=B7=D0=BC=D0=BE=D0=B6=D0=BD=
=D0=BE=D1=81=D1=82=D0=B8 =D0=B2=D0=BE=D1=81=D1=81=D1=82=D0=B0=D0=BD=D0=BE=
=D0=B2=D0=BB=D0=B5=D0=BD=D0=B8=D1=8F. =D0=94=D0=BB=D1=8F =D0=B8=D0=BD=D0=B8=
=D1=86=D0=B8=D0=B0=D0=BB=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D0=B8 =D0=BD=D0=B5=
=D0=BE=D0=B1=D1=85=D0=BE=D0=B4=D0=B8=D0=BC=D0=BE =D0=B2=D0=BE=D1=81=D0=BF=
=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D1=8C=D1=81=D1=8F =D1=83=
=D1=82=D0=B8=D0=BB=D0=B8=D1=82=D0=BE=D0=B9 pkcs11-tool:
pkcs11-tool --slot 0 --init-token --so-pin 00000000 --label 'JaCarta =
PKI' --module /lib64/libASEP11.so
=D0=B3=D0=B4=D0=B5:
--slot 0 =E2=80=94 =D1=83=D0=
=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=B2 =D0=BA=D0=B0=D0=BA=D0=
=BE=D0=B9 =D0=B2=D0=B8=D1=80=D1=82=D1=83=D0=B0=D0=BB=D1=8C=D0=BD=D1=8B=D0=
=B9 =D1=81=D0=BB=D0=BE=D1=82 =D0=BF=D0=BE=D0=B4=D0=BA=D0=BB=D1=8E=D1=87=D0=
=B5=D0=BD=D0=BE =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=
=BE. =D0=9A=D0=B0=D0=BA =D0=BF=D1=80=D0=B0=D0=B2=D0=B8=D0=BB=D0=BE, =D1=8D=
=D1=82=D0=BE =D1=81=D0=BB=D0=BE=D1=82 0, =D0=BD=D0=BE =D0=BC=D0=BE=D0=B3=D1=
=83=D1=82 =D0=B1=D1=8B=D1=82=D1=8C =D0=B8 =D0=B4=D1=80=D1=83=D0=B3=D0=B8=D0=
=B5 =D0=B7=D0=BD=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D1=8F =E2=80=93 1,2 =D0=B8 =
=D1=82.=D0=B4.
--init-token =E2=80=93 =D0=BA=D0=BE=D0=BC=D0=
=B0=D0=BD=D0=B4=D0=B0 =D0=B8=D0=BD=D0=B8=D1=86=D0=B8=D0=B0=D0=BB=D0=B8=D0=
=B7=D0=B0=D1=86=D0=B8=D0=B8 =D1=82=D0=BE=D0=BA=D0=B5=D0=BD=D0=B0.
-=
-so-pin 00000000 =E2=80=93 =D0=9F=D0=98=D0=9D =D0=BA=D0=BE=D0=B4 =D0=
=B0=D0=B4=D0=BC=D0=B8=D0=BD=D0=B8=D1=81=D1=82=D1=80=D0=B0=D1=82=D0=BE=D1=80=
=D0=B0 JaCarta PKI. =D0=9F=D0=BE =D1=83=D0=BC=D0=BE=D0=BB=D1=87=D0=B0=D0=BD=
=D0=B8=D1=8E =D0=B8=D0=BC=D0=B5=D0=B5=D1=82 =D0=B7=D0=BD=D0=B0=D1=87=D0=B5=
=D0=BD=D0=B8=D0=B5 00000000
--label 'JaCarta PKI' - =D0=BC=D0=
=B5=D1=82=D0=BA=D0=B0 =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=
=B2=D0=B0.
--module /lib64/libASEP11.so =E2=80=94 =D1=83=D0=
=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=BF=D1=83=D1=82=D1=8C =D0=
=B4=D0=BE =D0=B1=D0=B8=D0=B1=D0=BB=D0=B8=D0=BE=D1=82=D0=B5=D0=BA=D0=B8 libA=
SEP11.so. =D0=A3=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=BB=D0=B8=D0=B2=D0=
=B0=D0=B5=D1=82=D1=81=D1=8F =D0=B2 =D1=80=D0=B0=D0=BC=D0=BA=D0=B0=D1=85 =D0=
=BF=D0=B0=D0=BA=D0=B5=D1=82=D0=B0 idprotectclient =D1=81=D0=BC. =D1=80=D0=
=B0=D0=B7=D0=B4=D0=B5=D0=BB =C2=AB=D0=A3=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=
=B2=D0=BA=D0=B0 =D0=B4=D1=80=D0=B0=D0=B9=D0=B2=D0=B5=D1=80=D0=BE=D0=B2 =D0=
=BD=D0=B0 =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80 =D0=B8 =D0=BA=D0=BB=D0=B8=D0=
=B5=D0=BD=D1=82=C2=BB.
=D0=94=D0=BB=D1=8F =D0=B7=D0=B0=D0=B4=D0=B0=D0=BD=D0=B8=D1=8F =D0=9F=D0=98=
=D0=9D =D0=BA=D0=BE=D0=B4=D0=B0 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=
=D0=B0=D1=82=D0=B5=D0=BB=D1=8F =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=
=D1=83=D0=B9=D1=82=D0=B5 =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=D0=B4=D1=83:=20
pkcs11-tool --slot 0 --init-pin --so-pin 00000000 --login --pin 11111111 --=
module /lib64/libASEP11.so
=D0=B3=D0=B4=D0=B5:
--slot 0 =E2=80=94 =D1=83=D0=BA=D0=
=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=B2 =D0=BA=D0=B0=D0=BA=D0=BE=D0=
=B9 =D0=B2=D0=B8=D1=80=D1=82=D1=83=D0=B0=D0=BB=D1=8C=D0=BD=D1=8B=D0=B9 =D1=
=81=D0=BB=D0=BE=D1=82 =D0=BF=D0=BE=D0=B4=D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=
=BD=D0=BE =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=BE. =D0=
=9A=D0=B0=D0=BA =D0=BF=D1=80=D0=B0=D0=B2=D0=B8=D0=BB=D0=BE, =D1=8D=D1=82=D0=
=BE =D1=81=D0=BB=D0=BE=D1=82 0, =D0=BD=D0=BE =D0=BC=D0=BE=D0=B3=D1=83=D1=82=
=D0=B1=D1=8B=D1=82=D1=8C =D0=B8 =D0=B4=D1=80=D1=83=D0=B3=D0=B8=D0=B5 =D0=
=B7=D0=BD=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D1=8F =E2=80=93 1,2 =D0=B8 =D1=82.=
=D0=B4.
--init-pin =E2=80=93 =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=
=D0=B4=D0=B0 =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=BA=D0=B8 =D0=9F=
=D0=98=D0=9D-=D0=BA=D0=BE=D0=B4=D0=B0 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=
=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F.
--so-pin 00000000 =E2=
=80=93 =D0=9F=D0=98=D0=9D =D0=BA=D0=BE=D0=B4 =D0=B0=D0=B4=D0=BC=D0=B8=D0=BD=
=D0=B8=D1=81=D1=82=D1=80=D0=B0=D1=82=D0=BE=D1=80=D0=B0 JaCarta PKI. =D0=9F=
=D0=BE =D1=83=D0=BC=D0=BE=D0=BB=D1=87=D0=B0=D0=BD=D0=B8=D1=8E =D0=B8=D0=BC=
=D0=B5=D0=B5=D1=82 =D0=B7=D0=BD=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D0=B5 0000000=
0
--login =E2=80=93 =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=D0=B4=D0=
=B0 =D0=BB=D0=BE=D0=B3=D0=B8=D0=BD=D0=B0
--pin 11111111 =E2=
=80=93 =D0=B7=D0=B0=D0=B4=D0=B0=D0=B2=D0=B0=D0=B5=D0=BC=D1=8B=D0=B9 =D0=9F=
=D0=98=D0=9D =D0=BA=D0=BE=D0=B4 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=
=D0=B0=D1=82=D0=B5=D0=BB=D1=8F
--module /lib64/libASEP11.so =
=E2=80=94 =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=BF=D1=
=83=D1=82=D1=8C =D0=B4=D0=BE =D0=B1=D0=B8=D0=B1=D0=BB=D0=B8=D0=BE=D1=82=D0=
=B5=D0=BA=D0=B8 libASEP11.so. =D0=A3=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=
=BB=D0=B8=D0=B2=D0=B0=D0=B5=D1=82=D1=81=D1=8F =D0=B2 =D1=80=D0=B0=D0=BC=D0=
=BA=D0=B0=D1=85 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82=D0=B0 idprotectclient =D1=81=
=D0=BC. =D1=80=D0=B0=D0=B7=D0=B4=D0=B5=D0=BB =C2=AB=D0=A3=D1=81=D1=82=D0=B0=
=D0=BD=D0=BE=D0=B2=D0=BA=D0=B0 =D0=B4=D1=80=D0=B0=D0=B9=D0=B2=D0=B5=D1=80=
=D0=BE=D0=B2 =D0=BD=D0=B0 =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80 =D0=B8 =D0=
=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82=C2=BB.
=D0=A1=D0=B3=D0=B5=D0=BD=D0=B5=D1=80=D0=B8=D1=80=D1=83=D0=B9=D1=82=D0=B5 =
=D0=BA=D0=BB=D1=8E=D1=87=D0=B8 =D0=BD=D0=B0 =D1=83=D1=81=D1=82=D1=80=D0=BE=
=D0=B9=D1=81=D1=82=D0=B2=D0=B5 =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=D0=B4=D0=BE=
=D0=B9:=20
pkcs11-tool --slot 0 --login --pin 11111111 --keypairgen --key-type rsa:204=
8 --id 42 --label =E2=80=9Ctest1 key=E2=80=9D --module /lib64/libASEP11.so
=D0=B3=D0=B4=D0=B5:
--slot 0 =E2=80=94 =D1=83=D0=BA=D0=
=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=B2 =D0=BA=D0=B0=D0=BA=D0=BE=D0=
=B9 =D0=B2=D0=B8=D1=80=D1=82=D1=83=D0=B0=D0=BB=D1=8C=D0=BD=D1=8B=D0=B9 =D1=
=81=D0=BB=D0=BE=D1=82 =D0=BF=D0=BE=D0=B4=D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=
=BD=D0=BE =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=BE. =D0=
=9A=D0=B0=D0=BA =D0=BF=D1=80=D0=B0=D0=B2=D0=B8=D0=BB=D0=BE, =D1=8D=D1=82=D0=
=BE =D1=81=D0=BB=D0=BE=D1=82 0, =D0=BD=D0=BE =D0=BC=D0=BE=D0=B3=D1=83=D1=82=
=D0=B1=D1=8B=D1=82=D1=8C =D0=B8 =D0=B4=D1=80=D1=83=D0=B3=D0=B8=D0=B5 =D0=
=B7=D0=BD=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D1=8F =E2=80=93 1,2 =D0=B8 =D1=82.=
=D0=B4.
--login --pin 11111111 =E2=80=94 =D1=83=D0=BA=D0=B0=
=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82, =D1=87=D1=82=D0=BE =D1=81=D0=BB=D0=B5=
=D0=B4=D1=83=D0=B5=D1=82 =D0=BF=D1=80=D0=BE=D0=B8=D0=B7=D0=B2=D0=B5=D1=81=
=D1=82=D0=B8 =D0=BB=D0=BE=D0=B3=D0=B8=D0=BD =D0=BF=D0=BE=D0=B4 =D0=BF=D0=BE=
=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D0=B5=D0=BC, =D1=81 =
=D0=9F=D0=98=D0=9D- =D0=BA=D0=BE=D0=B4=D0=BE=D0=BC =C2=AB11111111=C2=BB. =
=D0=95=D1=81=D0=BB=D0=B8 =D1=83 =D0=92=D0=B0=D1=88=D0=B5=D0=B9 =D0=BA=D0=B0=
=D1=80=D1=82=D1=8B =D0=B4=D1=80=D1=83=D0=B3=D0=BE=D0=B9 =D0=9F=D0=98=D0=9D-=
=D0=BA=D0=BE=D0=B4 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=
=D0=B5=D0=BB=D1=8F, =D1=83=D0=BA=D0=B0=D0=B6=D0=B8=D1=82=D0=B5 =D0=B5=D0=B3=
=D0=BE.
--keypairgen --key-type rsa:2048 =E2=80=94 =D1=83=D0=
=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82, =D1=87=D1=82=D0=BE =D0=B4=D0=
=BE=D0=BB=D0=B6=D0=BD=D1=8B =D0=B1=D1=8B=D1=82=D1=8C =D1=81=D0=B3=D0=B5=D0=
=BD=D0=B5=D1=80=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D1=8B =D0=BA=D0=BB=D1=
=8E=D1=87=D0=B8 =D0=B4=D0=BB=D0=B8=D0=BD=D0=BE=D0=B9 2048 =D0=B1=D0=B8=D1=
=82.
--id 42 =E2=80=94 =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=B0=
=D0=B2=D0=BB=D0=B8=D0=B2=D0=B0=D0=B5=D1=82 =D0=B0=D1=82=D1=80=D0=B8=D0=B1=
=D1=83=D1=82 CKA_ID =D0=BA=D0=BB=D1=8E=D1=87=D0=B0. CKA_ID =D0=BC=D0=BE=D0=
=B6=D0=B5=D1=82 =D0=B1=D1=8B=D1=82=D1=8C =D0=BB=D1=8E=D0=B1=D1=8B=D0=BC.
=D0=97=D0=B0=D0=BF=D0=BE=D0=BC=D0=BD=D0=B8=D1=82=D0=B5 =D1=8D=D1=82=D0=BE =
=D0=B7=D0=BD=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D0=B5! =D0=9E=D0=BD=D0=BE =D0=BD=
=D0=B5=D0=BE=D0=B1=D1=85=D0=BE=D0=B4=D0=B8=D0=BC=D0=BE =D0=B4=D0=BB=D1=8F =
=D0=B4=D0=B0=D0=BB=D1=8C=D0=BD=D0=B5=D0=B9=D1=88=D0=B8=D1=85 =D1=88=D0=B0=
=D0=B3=D0=BE=D0=B2 =D0=BF=D0=BE=D0=B4=D0=B3=D0=BE=D1=82=D0=BE=D0=B2=D0=BA=
=D0=B8 =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=B0 =D0=BA =
=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D0=B5.
--label =E2=80=9Ctest1 ke=
y=E2=80=9D =E2=80=94 =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=BB=
=D0=B8=D0=B2=D0=B0=D0=B5=D1=82 =D0=B0=D1=82=D1=80=D0=B8=D0=B1=D1=83=D1=82 C=
KA_LABEL =D0=BA=D0=BB=D1=8E=D1=87=D0=B0. =D0=90=D1=82=D1=80=D0=B8=D0=B1=D1=
=83=D1=82 =D0=BC=D0=BE=D0=B6=D0=B5=D1=82 =D0=B1=D1=8B=D1=82=D1=8C =D0=BB=D1=
=8E=D0=B1=D1=8B=D0=BC.
--module /lib64/libASEP11.so =E2=80=94=
=D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =D0=BF=D1=83=D1=82=
=D1=8C =D0=B4=D0=BE =D0=B1=D0=B8=D0=B1=D0=BB=D0=B8=D0=BE=D1=82=D0=B5=D0=BA=
=D0=B8 libASEP11.so. =D0=A3=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=BB=D0=B8=
=D0=B2=D0=B0=D0=B5=D1=82=D1=81=D1=8F =D0=B2 =D1=80=D0=B0=D0=BC=D0=BA=D0=B0=
=D1=85 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82=D0=B0 idprotectclient =D1=81=D0=BC. =
=D1=80=D0=B0=D0=B7=D0=B4=D0=B5=D0=BB =C2=AB=D0=A3=D1=81=D1=82=D0=B0=D0=BD=
=D0=BE=D0=B2=D0=BA=D0=B0 =D0=B4=D1=80=D0=B0=D0=B9=D0=B2=D0=B5=D1=80=D0=BE=
=D0=B2 =D0=BD=D0=B0 =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80 =D0=B8 =D0=BA=D0=
=BB=D0=B8=D0=B5=D0=BD=D1=82=C2=BB.
=D0=A1=D0=B3=D0=B5=D0=BD=D0=B5=D1=80=D0=B8=D1=80=D1=83=D0=B9=D1=82=D0=B5 =
=D0=B7=D0=B0=D0=BF=D1=80=D0=BE=D1=81 =D0=BD=D0=B0 =D1=81=D0=B5=D1=80=D1=82=
=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82 =D1=81 =D0=BF=D0=BE=D0=BC=D0=BE=D1=89=
=D1=8C=D1=8E =D1=83=D1=82=D0=B8=D0=BB=D0=B8=D1=82=D1=8B openssl. =D0=94=D0=
=BB=D1=8F =D1=8D=D1=82=D0=BE=D0=B3=D0=BE =D0=B2=D0=B2=D0=B5=D0=B4=D0=B8=D1=
=82=D0=B5 =D1=81=D0=BB=D0=B5=D0=B4=D1=83=D1=8E=D1=89=D0=B8=D0=B5 =D0=BA=D0=
=BE=D0=BC=D0=B0=D0=BD=D0=B4=D1=8B:=20
openssl
OpenSSL> engi=
ne dynamic -pre SO_PATH:/usr/lib/ssl/engines/engine_pkcs11.so -pre ID:pkcs1=
1 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/lib64/libASEP11.so
=
OpenSSL> req -engine pkcs11 -new -key 0:42 -keyform engine -out cl=
ient.req -subj "/C=3DRU/ST=3DMoscow/L=3DMoscow/O=3DAladdin/OU=3Ddev/CN=3Dte=
st1 (!=D0=92=D0=B0=D1=88_=D0=9F=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=
=D1=82=D0=B5=D0=BB=D1=8C!)/emailAddress=3Dtest1@mail.com"
Ope=
nSSL>quit
=D0=9E=D0=B1=D1=80=D0=B0=D1=82=D0=B8=D1=82=D0=B5 =D0=B2=D0=BD=D0=B8=
=D0=BC=D0=B0=D0=BD=D0=B8=D0=B5 =D0=BD=D0=B0 -new -key 0:42, =D0=B3=D0=B4=D0=
=B5 0 =E2=80=94 =D0=BD=D0=BE=D0=BC=D0=B5=D1=80 =D0=B2=D0=B8=D1=80=D1=82=D1=
=83=D0=B0=D0=BB=D1=8C=D0=BD=D0=BE=D0=B3=D0=BE =D1=81=D0=BB=D0=BE=D1=82=D0=
=B0 =D1=81 =D1=83=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=81=D1=82=D0=B2=D0=BE=D0=
=BC, 42 =E2=80=94 =D0=B0=D1=82=D1=80=D0=B8=D0=B1=D1=83=D1=82 CKA_ID =D1=81=
=D0=B3=D0=B5=D0=BD=D0=B5=D1=80=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=BD=D1=
=8B=D1=85 =D1=80=D0=B0=D0=BD=D0=BD=D0=B5=D0=B5 =D0=BA=D0=BB=D1=8E=D1=87=D0=
=B5=D0=B9.
=D0=98=D0=BD=D1=84=D0=BE=D1=80=D0=BC=D0=B0=D1=86=D0=B8=D1=8E, =D0=BA=D0=BE=
=D1=82=D0=BE=D1=80=D1=83=D1=8E =D0=BD=D0=B5=D0=BE=D0=B1=D1=85=D0=BE=D0=B4=
=D0=B8=D0=BC=D0=BE =D1=83=D0=BA=D0=B0=D0=B7=D0=B0=D1=82=D1=8C =D0=B2 =D0=B7=
=D0=B0=D0=BF=D1=80=D0=BE=D1=81=D0=B5, =D1=81=D0=BB=D0=B5=D0=B4=D1=83=D0=B5=
=D1=82 =D0=B7=D0=B0=D0=B4=D0=B0=D0=B2=D0=B0=D1=82=D1=8C =D0=B2 =D0=BF=D0=BE=
=D0=BB=D0=B5
"/C=3DRU/ST=3DMoscow/L=3DMoscow/O=3DAladdin/OU=3Ddev/CN=
=3Dtest1 (!=D0=92=D0=B0=D1=88_=D0=9F=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=
=B0=D1=82=D0=B5=D0=BB=D1=8C!)/emailAddress=3Dtest1@mail.com"
=D0=9D=D0=B5=D0=BE=D0=B1=D1=85=D0=BE=D0=B4=D0=B8=D0=BC=D0=BE =D1=83=D1=81=
=D1=82=D0=B0=D0=BD=D0=BE=D0=B2=D0=B8=D1=82=D1=8C =D0=BF=D0=B5=D1=80=D0=B5=
=D0=BC=D0=B5=D0=BD=D0=BD=D1=8B=D0=B5 =D0=BE=D0=BA=D1=80=D1=83=D0=B6=D0=B5=
=D0=BD=D0=B8=D1=8F:=20
export REALM=3D<=D0=B8=D0=BC=D1=8F_
=D0=B4=D0=BE=D0=BC=D0=B5=
=D0=BD=D0=B0>
export CLIENT=3D<=D0=B8=D0=BC=D1=8F_=D0=BF=D0=
=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F>
=D0=98 =D0=B2=D1=8B=D0=BF=D1=83=D1=81=D1=82=D0=B8=D1=82=D1=8C =D1=81=D0=B5=
=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82 =D0=BD=D0=B0 =D0=BF=D0=BE=
=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F:=20
openssl x509 -CAkey cakey.pem -CA cacert.pem -req -in client.req -ext=
ensions client_cert -extfile pkinit_extensions -out client.pem =E2=80=93day=
s 365
=D0=94=D0=B0=D0=BB=D0=B5=D0=B5 =D0=BF=D0=B5=D1=80=D0=B5=D0=BA=D0=BE=
=D0=B4=D0=B8=D1=80=D1=83=D0=B9=D1=82=D0=B5 =D0=BF=D0=BE=D0=BB=D1=83=D1=87=
=D0=B5=D0=BD=D0=BD=D1=8B=D0=B9 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=
=D0=BA=D0=B0=D1=82 =D0=B8=D0=B7 =D1=84=D0=BE=D1=80=D0=BC=D0=B0=D1=82=D0=B0 =
PEM =D0=B2 =D1=84=D0=BE=D1=80=D0=BC=D0=B0=D1=82 DER:=20
openssl x509 -in client.pem -out client.cer -inform PEM -outform DER
=D0=97=D0=B0=D0=BF=D0=B8=D1=88=D0=B8=D1=82=D0=B5 =D0=BF=D0=BE=D0=BB=
=D1=83=D1=87=D0=B5=D0=BD=D0=BD=D1=8B=D0=B9 =D1=81=D0=B5=D1=80=D1=82=D0=B8=
=D1=84=D0=B8=D0=BA=D0=B0=D1=82 =D0=BD=D0=B0 =D1=82=D0=BE=D0=BA=D0=B5=D0=BD:=
=20
pkcs11-tool --slot 0 --login --pin 11111111 --write-object client.cer --typ=
e 'cert' --label 'Certificate' --id 42 --module /lib64/libASEP11.so
=D0=B3=D0=B4=D0=B5:
--slot 0 =E2=80=94 =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=82 =
=D0=B2 =D0=BA=D0=B0=D0=BA=D0=BE=D0=B9 =D0=B2=D0=B8=D1=80=D1=82=D1=83=D0=B0=
=D0=BB=D1=8C=D0=BD=D1=8B=D0=B9 =D1=81=D0=BB=D0=BE=D1=82 =D0=BF=D0=BE=D0=B4=
=D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=BD=D0=BE =D1=83=D1=81=D1=82=D1=80=D0=BE=
=D0=B9=D1=81=D1=82=D0=B2=D0=BE. =D0=9A=D0=B0=D0=BA =D0=BF=D1=80=D0=B0=D0=B2=
=D0=B8=D0=BB=D0=BE, =D1=8D=D1=82=D0=BE =D1=81=D0=BB=D0=BE=D1=82 0, =D0=BD=
=D0=BE =D0=BC=D0=BE=D0=B3=D1=83=D1=82 =D0=B1=D1=8B=D1=82=D1=8C =D0=B8 =D0=
=B4=D1=80=D1=83=D0=B3=D0=B8=D0=B5 =D0=B7=D0=BD=D0=B0=D1=87=D0=B5=D0=BD=D0=
=B8=D1=8F =E2=80=93 1,2 =D0=B8 =D1=82.=D0=B4.
--login --pin 11111111 =E2=80=94 =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=
=D0=B5=D1=82, =D1=87=D1=82=D0=BE =D1=81=D0=BB=D0=B5=D0=B4=D1=83=D0=B5=D1=82=
=D0=BF=D1=80=D0=BE=D0=B8=D0=B7=D0=B2=D0=B5=D1=81=D1=82=D0=B8 =D0=BB=D0=BE=
=D0=B3=D0=B8=D0=BD =D0=BF=D0=BE=D0=B4 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=
=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D0=B5=D0=BC, =D1=81 =D0=9F=D0=98=D0=9D =D0=
=BA=D0=BE=D0=B4=D0=BE=D0=BC =C2=AB11111111=C2=BB. =D0=95=D1=81=D0=BB=D0=B8 =
=D1=83 =D0=92=D0=B0=D1=88=D0=B5=D0=B9 =D0=BA=D0=B0=D1=80=D1=82=D1=8B =D0=B4=
=D1=80=D1=83=D0=B3=D0=BE=D0=B9 =D0=9F=D0=98=D0=9D-=D0=BA=D0=BE=D0=B4 =D0=BF=
=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F, =D1=83=
=D0=BA=D0=B0=D0=B6=D0=B8=D1=82=D0=B5 =D0=B5=D0=B3=D0=BE.
--write-object ./client.cer =E2=80=94 =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=
=D0=B0=D0=B5=D1=82, =D1=87=D1=82=D0=BE =D0=BD=D0=B5=D0=BE=D0=B1=D1=85=D0=BE=
=D0=B4=D0=B8=D0=BC=D0=BE =D0=B7=D0=B0=D0=BF=D0=B8=D1=81=D0=B0=D1=82=D1=8C =
=D0=BE=D0=B1=D1=8A=D0=B5=D0=BA=D1=82 =D0=B8 =D0=BF=D1=83=D1=82=D1=8C =D0=B4=
=D0=BE =D0=BD=D0=B5=D0=B3=D0=BE.
--type 'cert' =E2=80=94 =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=D0=B0=D0=B5=D1=
=82, =D1=87=D1=82=D0=BE =D1=82=D0=B8=D0=BF =D0=B7=D0=B0=D0=BF=D0=B8=D1=81=
=D1=8B=D0=B2=D0=B0=D0=B5=D0=BC=D0=BE=D0=B3=D0=BE =D0=BE=D0=B1=D1=8A=D0=B5=
=D0=BA=D1=82=D0=B0 =E2=80=93 =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=
=BA=D0=B0=D1=82.
'cert' --label 'Certificate' =E2=80=94 =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=B0=
=D0=B2=D0=BB=D0=B8=D0=B2=D0=B0=D0=B5=D1=82 =D0=B0=D1=82=D1=80=D0=B8=D0=B1=
=D1=83=D1=82 CKA_LABEL =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=
=B0=D1=82=D0=B0. =D0=90=D1=82=D1=80=D0=B8=D0=B1=D1=83=D1=82 =D0=BC=D0=BE=D0=
=B6=D0=B5=D1=82 =D0=B1=D1=8B=D1=82=D1=8C =D0=BB=D1=8E=D0=B1=D1=8B=D0=BC.
--id 42 =E2=80=94 =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=B0=D0=B2=D0=BB=D0=B8=D0=
=B2=D0=B0=D0=B5=D1=82 =D0=B0=D1=82=D1=80=D0=B8=D0=B1=D1=83=D1=82 CKA_ID =D1=
=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D0=B0. =D0=94=D0=
=BE=D0=BB=D0=B6=D0=B5=D0=BD =D0=B1=D1=8B=D1=82=D1=8C =D1=83=D0=BA=D0=B0=D0=
=B7=D0=B0=D0=BD =D1=82=D0=BE=D1=82 =D0=B6=D0=B5 CKA_ID, =D1=87=D1=82=D0=BE =
=D0=B8 =D0=B4=D0=BB=D1=8F =D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=B9.
--module /lib64/libASEP11.so =E2=80=94 =D1=83=D0=BA=D0=B0=D0=B7=D1=8B=D0=B2=
=D0=B0=D0=B5=D1=82 =D0=BF=D1=83=D1=82=D1=8C =D0=B4=D0=BE =D0=B1=D0=B8=D0=B1=
=D0=BB=D0=B8=D0=BE=D1=82=D0=B5=D0=BA=D0=B8 libASEP11.so.
=D0=9D=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B9=D0=BA=
=D0=B0 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82=D0=B0. =D0=9F=D1=80=D0=BE=D0=B2=
=D0=B5=D1=80=D0=BA=D0=B0 =D1=80=D0=B0=D0=B1=D0=BE=D1=82=D0=BE=D1=81=D0=BF=
=D0=BE=D1=81=D0=BE=D0=B1=D0=BD=D0=BE=D1=81=D1=82=D0=B8
=D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=B9=D1=82=D0=B5 =D0=BD=D0=B0 =D0=BA=D0=BB=
=D0=B8=D0=B5=D0=BD=D1=82=D0=B5 =D0=BA=D0=B0=D1=82=D0=B0=D0=BB=D0=BE=D0=B3 /=
etc/krb5/. =D0=A1=D0=BA=D0=BE=D0=BF=D0=B8=D1=80=D1=83=D0=B9=D1=82=D0=B5 =D0=
=B2 /etc/krb5/ =D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=
CA (cacert.pem) c =D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B0. =D0=9D=D0=B0=
=D1=81=D1=82=D1=80=D0=BE=D0=B9=D1=82=D0=B5 kerberos =D0=B2 /etc/krb5.conf. =
=D0=A1=D0=B5=D0=BA=D1=86=D0=B8=D1=8E [libdefaults] =D0=B4=D0=BE=D0=BF=D0=BE=
=D0=BB=D0=BD=D0=B8=D1=82=D0=B5 =D1=81=D0=BB=D0=B5=D0=B4=D1=83=D1=8E=D1=89=
=D0=B8=D0=BC=D0=B8 =D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0=D0=BC=D0=B8.
[libdefaults]
default_realm =3D EXAMPLE.RU
pkinit_anchors =3D FILE:/etc/krb5/cacert.pem
pkinit_identities =3D PKCS11:/lib64/libASEP11.so
=D0=92=D1=8B=D0=BF=D0=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5 =D0=BF=D1=80=D0=
=BE=D0=B2=D0=B5=D1=80=D0=BA=D1=83:
kinit <username>
=D0=9A=D0=BE=D0=B3=D0=B4=D0=B0 =D0=BF=D0=BE=D1=8F=D0=B2=D0=B8=D1=82=
=D1=81=D1=8F =D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B7=D0=B0=D0=BF=D1=80=
=D0=BE=D1=81=D0=B0 =D0=9F=D0=98=D0=9D-=D0=BA=D0=BE=D0=B4=D0=B0 =D0=BA =D0=
=BA=D0=B0=D1=80=D1=82=D0=B5, =D0=B2=D0=B2=D0=B5=D0=B4=D0=B8=D1=82=D0=B5 =D0=
=B5=D0=B3=D0=BE.
=D0=94=D0=BB=D1=8F =D0=BF=D1=80=D0=BE=D0=B2=D0=B5=D1=80=D0=BA=D0=B8 =D1=82=
=D0=BE=D0=B3=D0=BE, =D1=87=D1=82=D0=BE =D0=B1=D0=B8=D0=BB=D0=B5=D1=82 kerbe=
ros =D0=B1=D1=8B=D0=BB =D1=83=D1=81=D0=BF=D0=B5=D1=88=D0=BD=D0=BE =D0=BF=D0=
=BE=D0=BB=D1=83=D1=87=D0=B5=D0=BD =D0=B4=D0=BB=D1=8F =D0=BF=D0=BE=D0=BB=D1=
=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F, =D0=B2=D0=B2=D0=B5=D0=
=B4=D0=B8=D1=82=D0=B5 =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=D0=B4=D1=83:=20
klist
=D0=94=D0=BB=D1=8F =D1=83=D0=B4=D0=B0=D0=BB=D0=B5=D0=BD=D0=B8=D1=8F =D0=B1=
=D0=B8=D0=BB=D0=B5=D1=82=D0=B0 =E2=80=94 =D0=BA=D0=BE=D0=BC=D0=B0=D0=BD=D0=
=B4=D1=83:=20
kdestroy
=D0=94=D0=BB=D1=8F =D0=B2=D1=85=D0=BE=D0=B4=D0=B0 =D0=B2 =D0=B4=D0=BE=D0=BC=
=D0=B5=D0=BD =D0=BF=D0=BE =D1=81=D0=BC=D0=B0=D1=80=D1=82-=D0=BA=D0=B0=D1=80=
=D1=82=D0=B5 =D0=BD=D0=B0 =D1=8D=D0=BA=D1=80=D0=B0=D0=BD=D0=B5 =D0=B2=D1=85=
=D0=BE=D0=B4=D0=B0 =D0=B2 =D0=9E=D0=A1, =D0=B2=D0=BC=D0=B5=D1=81=D1=82=D0=
=BE =D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D1=8F =D0=B2=D0=B2=D0=B5=D0=B4=D0=B8=D1=
=82=D0=B5 =D0=9F=D0=98=D0=9D-=D0=BA=D0=BE=D0=B4 =D0=BE=D1=82 =D1=81=D0=BC=
=D0=B0=D1=80=D1=82-=D0=BA=D0=B0=D1=80=D1=82=D1=8B.