Getting error in pkinit

Greg Hudson ghudson at MIT.EDU
Mon Jul 1 12:04:29 EDT 2013


On 07/01/2013 03:20 AM, sasikumar bodathula wrote:
> preauth (pkinit) verify failure: Inconsistent key purpose
> Inconsistent key purpose
> 
> What is the meaning of this error and is there any problem with the certificates or KDC or client picking the wrong certificates?

This means the KDC could not verify the extended key usage field of the
client certificate.  In the instructions at

    http://web.mit.edu/kerberos/krb5-latest/doc/admin/pkinit.html

this field is added by the line "extendedKeyUsage=1.3.6.1.5.2.3.4" in
the extensions file.



More information about the Kerberos mailing list