Heimdahl Kerberos on MacOSX 10.9.5 using pkinit produces verify error

Greg Hudson ghudson at mit.edu
Sun Aug 23 11:10:21 EDT 2015


On 08/23/2015 09:51 AM, Glenn Machin wrote:
> Aug 22 19:23:35 as36snllx krb5kdc[25098]: AS_REQ (7 etypes {18 17 16 23 
> 3 2 1}) 134.253.253.38: PREAUTH_FAILED: gmachin at dce.sandia.gov for 
> krbtgt/dce.sandia.gov at dce.sandia.gov, error:0D08303A:asn1 encoding 
> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error

> Is this a known problem?

We've seen one other report of this error with the same combination of
OS X client and krb5 1.10 KDC.  I might be able to track it down given a
raw packet dump of the request, if you can send one to me personally.
(There shouldn't be any really secret information in the packet dump,
but the list server will strip attachments.)

The other report was here:

http://mailman.mit.edu/pipermail/kerberos/2015-June/020819.html


More information about the Kerberos mailing list