problem in sending AS_REQ

naveen.bn naveen.bn at globaledgesoft.com
Tue May 27 07:38:08 EDT 2008


Russ Allbery wrote:

>"naveen.bn" <naveen.bn at globaledgesoft.com> writes:
>
>  
>
>>[realms]
>>     _kerberos._udp.globaledgesoft.com = {
>>        admin_server = 172.16.8.141
>>        kdc = 172.16.8.141
>>        v4_instance_convert = {
>>            gesl =  _kerberos._udp.globaledgesoft.com
>>            lithium = lithium.lcs. _kerberos._udp.globaledgesoft.com
>>        }
>>    
>>
>
>This is almost certainly not what you want.  You're confusing the DNS SRV
>records with the names of realms and hosts.  The krb5.conf (and kdc.conf)
>should contain simple realm names and hostnames, not the SRV record names.
>
>  
>
Hi Russ Allbery

Thank you for your replay.     I know this not a good practice,but the 
problem,  i am facing in the AS_REQ is that, the  pa_data field  is not 
getting filled with the certificates provided from the command line.   I 
am able to get AS_REP with out certificates .   I am using krb5-1.6.3.   
It will be a great help if i get a link which  gives example for using 
PKINIT enabled client configuration for using certificates for 
authentication.

thank you.




More information about the Kerberos mailing list