X.509 preauth
Pascal Jakobi
pascal.jakobi at gmail.com
Sat Oct 31 11:59:13 EDT 2015
I corrected the " " issue in krb5.conf. Does not change anything.
Also rechecked the log (attached). Nothing more than
oct. 31 16:53:52 kdc.jakobi.fr krb5kdc[903](info): AS_REQ (6 etypes
{18 17 16 23 25 26}) 192.168.1.4: NEEDED_PREAUTH: pascal at THALES.COM
for krbtgt/THALES.COM at THALES.COM, Additional pre-authentication required
Thanks again for your help !
P
PS I also checked that pkinit is installed :
[pascal at kdc ~]$ rpm -qa | grep krb5
sssd-krb5-common-1.12.2-58.el7_1.17.x86_64
krb5-workstation-1.12.2-15.el7_1.x86_64
pam_krb5-2.4.8-4.el7.x86_64
krb5-pkinit-1.12.2-15.el7_1.x86_64
sssd-krb5-1.12.2-58.el7_1.17.x86_64
krb5-server-ldap-1.12.2-15.el7_1.x86_64
krb5-server-1.12.2-15.el7_1.x86_64
krb5-libs-1.12.2-15.el7_1.x86_64
On 31.10.2015 03:06 carra, Pascal Jakobi wrote:
> kinit pascal -X
> pkinit_identities='/etc/pki/krb5/certs/pascal_cert.pem,/etc/pki/krb5/private/pascal_key.pem'
> -X509_anchors=/etc/pki/CA/certs/ca_corp_cert.pem -X
> X509_user_identity=C=FR,L=Paris,O=Corp,CN=Pascal
--
Pascal Jakobi <mailto:pascal.jakobi at gmail.com>
116 rue de Stalingrad, 93100 Montreuil
France
Tel : +33 6 87 47 58 19
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5kdc.log
Type: text/x-log
Size: 20094 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20151031/47a5cad4/attachment.bin
More information about the krbdev
mailing list