Help setting up PKINIT

[Greg Hudson]

On 04/13/2014 09:40 PM, Nordgren, Bryce L -FS wrote:
> It now looks to me like the KDC returns a ticket, but kinit still asks for a password.

It sounds like the client is failing to process the KDC response padata,
and therefore thinks that the password is required to compute the reply
key.  If you run kinit with the KRB5_TRACE environment variable set to a
filename (or to /dev/stdout), you may be able to collect more
information on why it is failing.