Getting error in pkinit
Greg Hudson
ghudson at MIT.EDU
Mon Jul 1 12:04:29 EDT 2013
On 07/01/2013 03:20 AM, sasikumar bodathula wrote:
> preauth (pkinit) verify failure: Inconsistent key purpose
> Inconsistent key purpose
>
> What is the meaning of this error and is there any problem with the certificates or KDC or client picking the wrong certificates?
This means the KDC could not verify the extended key usage field of the
client certificate. In the instructions at
http://web.mit.edu/kerberos/krb5-latest/doc/admin/pkinit.html
this field is added by the line "extendedKeyUsage=1.3.6.1.5.2.3.4" in
the extensions file.
More information about the Kerberos
mailing list