OID for Kerberos Principal Name

Bram Cymet bcymet at cbnco.com
Thu Jul 29 11:22:20 EDT 2010


Hi,

I am attempting to get pkinit working. I am using my own custom CA to
generate the certs and I am having a little trouble generating a correct
Subject Alternative Name (SAN) in my certs.

I have been able to generate a cert with a Microsoft Universal Principal
Name OID: 1.3.6.1.4.1.311.20.2.3

However when I use this cert the kdc says 'unrecognized othername oid in
SAN'

Can anyone tell me what the correct OID that I should be using is so
that I don't get a 'client name mismatch' error?

This is for MIT kerberos.

Thanks,

Bram Cymet
 





More information about the Kerberos mailing list