preauth failed KRB5KDC_ERR_CLIENT_NAME_MISMATCH
naveen.bn
naveen.bn at globaledgesoft.com
Thu May 29 05:53:45 EDT 2008
Hi kevin,
Thank you, I took the help of the example file that you had sent me and generated the certificates in pem
formate . Now the AS_REQ is sent with the patype field with PA-DAS (16), I am getting the error
KRB5KDC_ERR_CLIENT_NAME_MISMATCH
this is what i am doing and my config files are shown.
kinit -X X509_user_identity=FILE:/client/other/naveen.pem,/client/other/naveen.key naveen
kinit(v5): Client name mismatch while getting initial credentials
/************** krb5 .conf ************/
[libdefaults]
krb4_config = /usr/kerberos/lib/krb.conf
krb4_realms = /usr/kerberos/lib/krb.realms
default_realm = globaledgesoft.com
[realms]
globaledgesoft.com = {
kdc = 172.16.8.141
admin_server = 172.16.8.141
pkinit_anchors = DIR:/ca/other
pkinit_require_eku = true
pkinit_require_krbtgt_otherName = false
pkinit_require_hostname_match = flase
}
[domain_realm]
.globaledgesoft.com = globaledgesoft.com
globaledgesoft.com = globaledgesoft.com
[logging]
kdc=FILE:/var/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
/********* end of krb5.conf ***************/
/********** kdc.conf ****************/
[kdcdefaults]
default_realm = globaledgesoft.com
kdc_ports = 750,88
[realms]
globaledgesoft.com = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
key_stash_file = /usr/local/var/krb5kdc/.k5._kerberos._udp.globaledgesoft.com
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
pkinit_anchors = DIR:/ca/other
pkinit_identity = FILE:/kdc/other/server.pem,/kdc/other/server.key
# pkinit_allow_upn = true
# pkinit_eku_checking = none
pkinit_revoke = DIR:/ca/other
}
/********* end of kdc.conf ***************/
Thank you
with regards
naveen
More information about the Kerberos
mailing list