trouble with pkinit
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Apr 17 18:21:53 EDT 2026
>Any ideas? If there's a way to increase the debugging (or even
>instrument the mit code directly), I'm happy to try out any suggestions.
Oh, I realized I should have answered this part as well:
- The KDC logs are helpful as well (but they would have told you the
exact same thing).
- If you set the KRB5_TRACE environment variable, a lot of debugging output
will be generated. You want that to be set to the name of an output
file; you can use /dev/stdout on most operating systems to get it
printed directly to the terminal. However, in this case it
would have also told you the same thing, just more verbosely. E.g.:
[21198] 1776464444.633823: Response was from primary KDC
[21198] 1776464444.633824: Received error from KDC: -1765328378/Client not found in Kerberos database
--Ken
More information about the krbdev
mailing list