pkinit with heimdal kinit
Jim Shi
hanmao_shi at apple.com
Thu Jun 11 01:28:48 EDT 2015
Hi, I have MIT kdc 1.10.6 running on linux server.
the client is heimdal kinit on OS X.
on OS X:
./kinit -C FILE:client.pem,clientkey.pem --x509-anchors=FILE:cacert.pem testuser at REALM
on KDC server, I saw this error:
Jun 09 14:50:20 MacBook-Pro.local krb5kdc[17663](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: NEEDED_PREAUTH: testuser at REALM for krbtgt/REALM at REALM, Additional pre-authentication required
Jun 09 14:50:20 MacBook-Pro.local krb5kdc[17663](info): preauth (pkinit) verify failure: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Jun 09 14:50:20 MacBook-Pro.local krb5kdc[17663](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: PREAUTH_FAILED: testuser at REALM for krbtgt/REALM at REALM, error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
I checked the certificates and they looks good to me.
What else could be wrong?
Thanks for your help.
Thanks
Jim
More information about the Kerberos
mailing list