Re: Getting error in pkinit
sasikumar bodathula
sasikumar.b at rediffmail.com
Wed Jul 3 08:28:21 EDT 2013
Thank you for the assistance It is now working.
Best Regards,
B.Sasikumar.
From: Greg Hudson <ghudson at MIT.EDU>
Sent: Mon, 01 Jul 2013 21:34:35
To: sasikumar bodathula <sasikumar.b at rediffmail.com>
Cc: kerberos <kerberos at mit.edu>
Subject: Re: Getting error in pkinit
On 07/01/2013 03:20 AM, sasikumar bodathula wrote:
> preauth (pkinit) verify failure: Inconsistent key purpose
> Inconsistent key purpose
>
> What is the meaning of this error and is there any problem with the certificates or KDC or client picking the wrong certificates?
This means the KDC could not verify the extended key usage field of the
client certificate. In the instructions at
http://web.mit.edu/kerberos/krb5-latest/doc/admin/pkinit.html
this field is added by the line "extendedKeyUsage=1.3.6.1.5.2.3.4" in
the extensions file.
More information about the Kerberos
mailing list