X.509 preauth
Greg Hudson
ghudson at mit.edu
Sat Oct 31 11:45:10 EDT 2015
On 10/31/2015 10:06 AM, Pascal Jakobi wrote:
> Problem is that nothing is logged on the KDC side...
There should be a message at startup, like:
    Oct 29 13:04:46 equal-rites krb5kdc[19021](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
although it isn't as specific as it should be.
> pkinit_identity = FILE:/etc/pki/krb5/certs/kdc_cert.pem, /etc/pki/krb5/private/kdc_key.pem
I don't think the space after the comma there is permitted. (More
precisely, it's treated as part of the pathname for the key file.)
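
A small lint for the whitespace problem pointed out above, added here as an example; it is not part of the original message and is not MIT krb5 code. It assumes, following the message, that a `FILE:` identity is split on the comma without trimming; the realm names and the surrounding kdc.conf fragment are constructed, and only the first `pkinit_identity` value is the one quoted in the thread.

```python
import re

# Constructed kdc.conf fragment; the first pkinit_identity value is the one
# quoted in the message, the second is the same value without the space.
SAMPLE_KDC_CONF = """\
[realms]
    EXAMPLE.COM = {
        pkinit_identity = FILE:/etc/pki/krb5/certs/kdc_cert.pem, /etc/pki/krb5/private/kdc_key.pem
        pkinit_anchors = FILE:/etc/pki/krb5/certs/ca.pem
    }
    OTHER.EXAMPLE = {
        pkinit_identity = FILE:/etc/pki/krb5/certs/kdc_cert.pem,/etc/pki/krb5/private/kdc_key.pem
    }
"""

IDENTITY_RE = re.compile(r"^\s*pkinit_identity\s*=\s*(.*?)\s*$")

def split_file_identity(value):
    """Split 'FILE:cert[,key]' on the first comma without trimming.

    Assumption: this models the behaviour described in the message, where
    a space after the comma becomes part of the key file's pathname.
    """
    if not value.startswith("FILE:"):
        return None
    cert, sep, key = value[len("FILE:"):].partition(",")
    return cert, (key if sep else None)

def lint_pkinit_identity(conf_text):
    """Return (line_no, problem) for FILE: identities whose certificate or
    key path carries leading or trailing whitespace."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = IDENTITY_RE.match(line)
        if not m:
            continue
        parts = split_file_identity(m.group(1))
        if parts is None:
            continue  # not a FILE: identity; out of scope for this check
        for label, path in zip(("certificate", "key"), parts):
            if path is not None and path != path.strip():
                findings.append(
                    (no, f"{label} path {path!r} has surrounding whitespace"))
    return findings

if __name__ == "__main__":
    for no, problem in lint_pkinit_identity(SAMPLE_KDC_CONF):
        print(f"line {no}: {problem}")
```
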