Pkinit & Client side errors
Nebergall, Christopher
cneberg at sandia.gov
Mon May 21 15:59:25 EDT 2007
I was playing with the latest pkinit source branch I'm curious about
errors which occur on the client (kinit) side.
If I get my PIN wrong to my smart card, it just continues and asks for a
static password next. It doesn't give an error saying the PIN was wrong
or give me a chance to retry.
Also, I've tried using a smart card with an expired certificate. The
client can't create a valid cert chain so it doesn't contact the server,
but it fails silently to asking for a static password.
When the server doesn't trust my client side certificate, it does give
an understandable error. So there does seem to be a mechanism for
protocol errors.
Any plans for being more user friendly to client side errors?
-Christopher
More information about the krbdev
mailing list