problem in sending AS_REQ

naveen.bn naveen.bn at globaledgesoft.com
Mon May 26 12:02:51 EDT 2008 

hi all,
This is my krb5.conf
*********************  krb5.conf ******************************
[libdefaults]
    default_realm = _kerberos._udp.globaledgesoft.com
    krb4_config = /usr/kerberos/lib/krb.conf
    krb5_realms = /usr/kerberos/lib/krb.realms
    pkinit_anchors  = FILE:/secure/ca-cert.pem

[realms]
     _kerberos._udp.globaledgesoft.com = {
        admin_server = 172.16.8.141
        kdc = 172.16.8.141
        v4_instance_convert = {
            gesl =  _kerberos._udp.globaledgesoft.com
            lithium = lithium.lcs. _kerberos._udp.globaledgesoft.com
        }

    pkinit_identity = FILE:/secure/mycert.pem,/secure/mycert.key
   
    }
    ANDREW.CMU.EDU = {
        admin_server = 172.16.8.141
    }
# use "kdc =" if realm admins haven't put SRV records into DNS
        GNU.ORG = {
                kdc = 172.16.8.141
                kdc = 172.16.9.141
                admin_server = 172.16.8.141
        }

[domain_realm]
    .globaledgesoft.com = _kerberos._udp.globaledgesoft.com
    globaledgesoft.com = _kerberos._udp.globaledgesoft.com

[logging]
#    kdc = CONSOLE
    kdc=FILE:/var/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log
***********************************************************************
and this is my kdc.conf
[kdcdefaults]
    kdc_ports = 750,88
    pkinit_identity=FILE:/secure/mycert.crt,/secure/mycert.key
    pkinit_anchors=DIR:/secure/ca-cert.pem
[realms]
  _kerberos._udp.globaledgesoft.com = {
        database_name = /usr/local/var/krb5kdc/principal
        admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
        acl_file = /usr/local/var/krb5kdc/kadm5.acl
        key_stash_file = 
/usr/local/var/krb5kdc/.k5._kerberos._udp.globaledgesoft.com
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s

    pkinit_identity=FILE:/secure/mycert.crt,/secure/mycert.key
    pkinit_anchors=DIR:/secure/ca-cert.pem
    }

***************************************** kdc.conf **********************
I have used openssl program to generate the mycert.pem and key , but i 
have not signed it with any ( neither self nor with ca ).

kinit -X X509_user_identity=FILE:/secure/mycert.pem,/secure/mycert.key 
naveen
kinit(v5): Unknown code u8JW 88 while setting 
'X509_user_identity'='FILE:/secure/mycert.pem,/secure/mycert.key

i am not able to send AS_REQ with pa data filled with certificates .
I am stuck her, please help me .

thank you .

with regards
naveen

More information about the Kerberos mailing list