Failed to verify CMS message: bad signature
Todd Grayson
tgrayson at cloudera.com
Wed Feb 26 09:51:59 EST 2020
The discussions I've seen where this is done successfully use tar to grab
all the files (do an ls -la in the kdc path to see what you missed) along
with the krb5.conf. I believe you are missing important file(s) based on
what you listed.
On Wed, Feb 26, 2020, 7:31 AM jarek <jarek at poczta.srv.pl> wrote:
> Hello!
>
> I've tried to migrate KDC (Debian 7) to new hardware with
> Debian 9.
> We are using KDC with pkinit and smartcards.
> After fresh installation, I have copied /etc/krb5.conf,
> /etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc.
> All certificates are in /etc/krb5kdc.
> The new machine has the same name as old, only IP is different.
> kadmin lists all pricinpals, kdc and admin server are working.
>
> kinit from remote machine fails, on KDC in authlog we have
> message:
>
> PREAUTH_FAILED: Failed to verify CMS message: bad signature
>
> What can be wrong ?
>
> Best regards
> Jarek
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list