Debugging PKINIT w/o recompiling?
Nordgren, Bryce L -FS
bnordgren at fs.fed.us
Wed May 20 18:00:48 EDT 2015
Real quick, is there a common cause for the following message in the context of PKINIT?
kinit: Invalid argument while getting initial credentials
Adding "-V" adds no information of value. KDC logs show that the correct principal was located and preauth is required.
Wireshark shows a single AS_REQ/KRB_ERROR. Specifying identities on a smard card reveals that the network traffic completes, then a PIN is requested, then the "Invalid argument" error is emitted without further network traffic. As far as I can tell, this string exists exactly nowhere in the source code.
I'll start polluting my box with *-devel packages to support recompiling with the debug option on, but I'm willing to stop if you already know the answer.
More information about the Kerberos