Failed to verify CMS message: bad signature
jarek
jarek at poczta.srv.pl
Thu Feb 27 08:32:02 EST 2020
W dniu 26.02.2020, śro o godzinie 07∶51 -0700, użytkownik Todd Grayson
napisał:
The discussions I've seen where this is done successfully use tar to
grab all the files (do an ls -la in the kdc path to see what you
missed) along with the krb5.conf. I believe you are missing important
file(s) based on what you listed.
It looks that the problem is related to the version incompatibility: I
can login from Debian 9 client (1.15) to Debian 9 KDC (1.15)
but can't login from Debian 7 (1.10.1).
What is strange, that I can login from Debian 9 to Debian 7 KDC.
I suspect openssl CMS incompatibility: https://www.mail-archive.com/ope
nssl-users at openssl.org/msg85910.html
best regards
Jarek
On Wed, Feb 26, 2020, 7:31 AM jarek <jarek at poczta.srv.pl> wrote:
Hello!
I've tried to migrate KDC (Debian 7) to new hardware with
Debian 9.
We are using KDC with pkinit and smartcards.
After fresh installation, I have copied /etc/krb5.conf,
/etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc.
All certificates are in /etc/krb5kdc.
The new machine has the same name as old, only IP is different.
kadmin lists all pricinpals, kdc and admin server are working.
kinit from remote machine fails, on KDC in authlog we have
message:
PREAUTH_FAILED: Failed to verify CMS message: bad signature
What can be wrong ?
Best regards
Jarek
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list