pkinit for multiple user support
sasikumar bodathula
sasikumar.b at rediffmail.com
Wed May 29 01:54:04 EDT 2013
Hi,
I am trying to test multiple users with certificates (pkinit).
The following steps were followed:
1. In the KDC, created 2 users, testuser and testuser2, and enabled +requires_preauth with modprinc.
2. Created the CA certificate and the KDC certificate.
krb5.conf in the KDC contains:
pkinit_identity = FILE:/etc/krb5kdc/kdc.pem,/etc/krb5kdc/kdckey.pem
pkinit_anchors = FILE:/etc/krb5kdc/cacert.pem
3. Created a certificate for testuser with the CA created in step 2.
4. Created a certificate for testuser2 with the CA created in step 2.
krb5.conf on the client machine:
pkinit_pool = DIR:/etc/certificates/usercerts/
pkinit_anchors = DIR:/etc/certificates/usercerts/
kinit command for testuser:
kinit -V -X X509_user_pool=DIR:/etc/certificates/usercerts/ -X X509_anchors=DIR:/etc/certificates/usercerts/ -X flag_RSA_PROTOCOL=yes testuser
kinit command for testuser2:
kinit -V -X X509_user_pool=DIR:/etc/certificates/usercerts/ -X X509_anchors=DIR:/etc/certificates/usercerts/ -X flag_RSA_PROTOCOL=yes testuser2
In both cases kinit prompts for a password.
NOTE:
1. If the certificate is specified instead of the directory, it works fine and does not prompt for a password.
2. Both the testuser and testuser2 certificates, along with the CA, are placed in the same location "/etc/certificates/usercerts/".
Please guide me if I am missing something important in this procedure.
Best Regards,
B.Sasikumar.
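An added check, not from the post or from MIT krb5 itself, written against the documented DIR: layout for a client identity: in pkinit_identities (or kinit -X X509_user_identity=DIR:...), krb5 looks for <stem>.crt/<stem>.key pairs and does not use a certificate that has no matching key. The demo directory and file names below are constructed to mirror the layout described in the post; they are empty placeholders, not real certificates.

```shell
#!/bin/sh
# Audit a PKINIT identity directory for the layout MIT krb5 expects from
# DIR:dirname in pkinit_identities (or kinit -X X509_user_identity=DIR:...):
# each usable identity is a pair <stem>.crt + <stem>.key; a .crt with no
# matching .key is not used, and files with other extensions are not loaded.
# Returns 0 when at least one pair exists and no certificate is unpaired.
check_pkinit_dir() {
    dir=$1
    pairs=0 unpaired=0
    for f in "$dir"/*; do
        [ -e "$f" ] || break                 # empty directory: glob did not expand
        case $f in
            *.crt)
                key="${f%.crt}.key"
                if [ -r "$key" ]; then
                    pairs=$((pairs + 1))
                else
                    echo "unpaired: $f (no $key)"
                    unpaired=$((unpaired + 1))
                fi ;;
            *.key) ;;                        # counted through its matching .crt
            *) echo "ignored: $f (not *.crt/*.key, the DIR: form will not load it)" ;;
        esac
    done
    echo "$pairs usable identity pair(s), $unpaired unpaired certificate(s)"
    [ "$pairs" -gt 0 ] && [ "$unpaired" -eq 0 ]
}

# Constructed demo layout (empty placeholder files, not real certificates):
# testuser has a key beside its cert, testuser2 and the CA file do not.
demo=$(mktemp -d)
touch "$demo/testuser.crt" "$demo/testuser.key" "$demo/testuser2.crt" "$demo/cacert.pem"
check_pkinit_dir "$demo" || echo "fix the pairing before retrying kinit"
rm -rf "$demo"
```

Run it as `check_pkinit_dir /etc/certificates/usercerts/` on the client. The DIR: form of pkinit_anchors and pkinit_pool is documented differently (an OpenSSL-style hashed CA directory), so the anchors path is not covered by this check.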
More information about the Kerberos mailing list