naming problem

Kevin Coffman kwc at umich.edu
Thu Jun 12 11:40:44 EDT 2008


Normal principals usually don't have an instance.  However, there
shouldn't be anything that prevents a principal with an instance from
working.

If your certificates are correctly set up for the two principals, this
might be a bug.

K.C.

On Thu, Jun 12, 2008 at 11:10 AM, naveen.bn
<naveen.bn at globaledgesoft.com> wrote:
>
> Hi kevin,
> I am getting client name mismatch when i do,
>
> kinit -X X509_user_identity=FILE:/client/test.pem,/client/test.key test/rg71
> kinit(v5): Client name mismatch while getting initial credentials
>
> the naming which i have followed in the certificates are:
>
> CN = test/rg71
> SAN= test/rg71 at globaledgesoft.com
>
> but, the same works when i do kinit -X
> X509_user_identity=FILE:/client/test.pem,/client/test.key test
> with CN = test
> SAN = test.
> Should there not be a slash in the clients name, but kinit will send the
> as_req with
> the slash in the client name.
>
> kindly help me in solving this problem.
>
> Thank you
> with regards
> naveen



More information about the Kerberos mailing list