Several MIT Kerberos infrastructures and user certificate
marsipulami@free.fr
marsipulami at free.fr
Mon Oct 21 10:20:28 EDT 2013
Hello everyone,
We're currently deploying several MIT Kerberos infrastructures (e.g. : realms - JCE.POD & LJK.DEV) in our organization.
Now, we want to authenticate users (e.g. : AUserID at JCE.POD & AUserID at LJK.DEV) with a unique user certificate (X509) thanks to PKINIT.
So I followed this doc : http://web.mit.edu/kerberos/krb5-1.11/doc/admin/pkinit.html
But, with this solution, we have two problems :
- We have to define the REALM and the CLIENT in the client certificate and our PKI doesn't deliver this type of certificate with this extension.
- We would like a unique user certificate to authenticate users in all our differents realms, so we can't add the REALM in the certificate.
Can we use the attribute Subject (e.g. : AUserID) without use the certificate extension ?
Thank you for your help.
Marsip.
More information about the Kerberos
mailing list