On PKINIT padata
Benjamin Kaduk
kaduk at MIT.EDU
Tue Apr 15 23:06:38 EDT 2014
On Wed, 16 Apr 2014, arpit.orb wrote:
> Hi All,
>
> 1. What apis in MIT Kerberos lib are called when the pkinit is
> successful. Shouldkrb5_get_init_creds_password be called in case of
> pkinit ?
I'm not sure I understand the question. For one, is this anonymous pkinit
nor non-anonymous?
> 2. What does PADATA UNKNOWN 149 means ? (I am getting that in AS REQ and
> PRE-AUTH REQUIRED packets)
From krb5.h, 149 is KRB5_ENCPADATA_REQ_ENC_PA_REP, from RFC 6806. Perhaps
your client krb5 implementation is too old to have this support (but it
looks like it was first added in 1.8, which is a bit old at this point)?
-Ben Kaduk
More information about the Kerberos
mailing list