Failed to verify CMS message: bad signature

Todd Grayson tgrayson at cloudera.com
Wed Feb 26 09:51:59 EST 2020


The discussions I've seen where this is done successfully use tar to grab
all the files (do an ls -la in the kdc path to see what you missed) along
with the krb5.conf.  I believe you are missing important file(s) based on
what you listed.

On Wed, Feb 26, 2020, 7:31 AM jarek <jarek at poczta.srv.pl> wrote:

> Hello!
>
>         I've tried to migrate KDC (Debian 7) to new hardware with
> Debian 9.
>         We are using KDC with pkinit and smartcards.
>         After fresh installation, I have copied /etc/krb5.conf,
> /etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc.
>         All certificates are in /etc/krb5kdc.
>         The new machine has the same name as old, only IP is different.
>         kadmin lists all pricinpals, kdc and admin server are working.
>
>         kinit from remote machine fails, on KDC in authlog we have
> message:
>
> PREAUTH_FAILED: Failed to verify CMS message: bad signature
>
> What can be wrong ?
>
> Best regards
> Jarek
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


More information about the Kerberos mailing list