problem in sending AS_REQ
naveen.bn
naveen.bn at globaledgesoft.com
Tue May 27 07:38:08 EDT 2008
Russ Allbery wrote:
>"naveen.bn" <naveen.bn at globaledgesoft.com> writes:
>
>
>
>>[realms]
>> _kerberos._udp.globaledgesoft.com = {
>> admin_server = 172.16.8.141
>> kdc = 172.16.8.141
>> v4_instance_convert = {
>> gesl = _kerberos._udp.globaledgesoft.com
>> lithium = lithium.lcs. _kerberos._udp.globaledgesoft.com
>> }
>>
>>
>
>This is almost certainly not what you want. You're confusing the DNS SRV
>records with the names of realms and hosts. The krb5.conf (and kdc.conf)
>should contain simple realm names and hostnames, not the SRV record names.
>
>
>
Hi Russ Allbery
Thank you for your replay. I know this not a good practice,but the
problem, i am facing in the AS_REQ is that, the pa_data field is not
getting filled with the certificates provided from the command line. I
am able to get AS_REP with out certificates . I am using krb5-1.6.3.
It will be a great help if i get a link which gives example for using
PKINIT enabled client configuration for using certificates for
authentication.
thank you.
More information about the Kerberos
mailing list