KX.509 is an open source project designed to provide the
University of Michigan with a secure means of acquiring
short-term X.509 certificates that are Kerberos authenticated.
See the download page for download
KX.509 itself never needs passwords. Instead, one is
is expected to use one's password to obtain Kerberos
tickets via other system software (ex. Leash for KfW,
Microsoft's GINA for Microsoft's kerberos credential cache).
Users need only authenticate once per machine login
to be able to silently authenticate to web-servers
that are using X.509 authentication, eliminating
the need to volunteer ones password when solicited
by web sites.
Since ones password is never offered, compromise
of web-servers that one has authenticated to
doesn't compromise ones password.
-- When a certificate is about to expire, KX.509 attempts
to automatically use current Kerberos tickets to acquire
a new one. Depending on whether this succeeds or fails,
KX.509 updates its Tray Icon to be either a green
certificate (succeeded) or a red, crossed-out one (failed).
Ones KX.509-acquired certificate is automatically
removed when one logs out.
Contact: kx509-feedback at umich.edu
KX.509 is freely available and distributed under an
open source license: license.txt
KX.509 is included in National Science Foundation Middleware Initiative (NMI) EDIT software release.