[13590] in Kerberos_V5_Development


Re: pkinit and AD 2008

daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Mon Jun 30 14:55:26 2008

Date: Mon, 30 Jun 2008 14:54:22 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Olga Kornievskaia <aglo@citi.umich.edu>,
   "Douglas E. Engert" <deengert@anl.gov>
Message-ID: <853CB33D7EACF89ACD819503@sirius.fac.cs.cmu.edu>
In-Reply-To: <200806271606.m5RG6B3K019363@grapenut.srv.cs.cmu.edu>
Cc: "'krbdev@mit.edu'" <krbdev@mit.edu>, jhutz@cmu.edu

--On Friday, June 27, 2008 12:05:41 PM -0400 Olga Kornievskaia 
<aglo@citi.umich.edu> wrote:

> 3. dnsName in the KDC's certificate doesn't match the hostname specified
> in your krb5.conf

Um.  Why would you expect that?  PKINIT contains no requirement that the 
KDC's certificate contain a dnsName, nor that it match any particular 
hostname if it is present.  The only requirement is for an id-pkinit-san 
matching the name of the realm's TGS.

-- Jeff
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
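
The matching rule stated in the message above, as an added example that is not part of the original post or of MIT Kerberos: it decodes an id-pkinit-san value (a KRB5PrincipalName, per RFC 4556) and accepts it only when it names krbtgt/REALM@REALM. The function names, the EXAMPLE.COM realm and the sample SAN values are constructed for illustration, and the otherName value is assumed to have been extracted from the certificate already.

```python
# Added example, not from the post. Input: DER value of the otherName whose type-id
# is id-pkinit-san (1.3.6.1.5.2.2), i.e. a KRB5PrincipalName. Helper names are hypothetical.

def read_tlv(buf, pos):  # decode one DER element -> (tag, content, next_pos)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # iterate (tag, content) over the elements inside a value
    pos = 0
    while pos < len(buf):
        tag, content, pos = read_tlv(buf, pos)
        yield tag, content

def only(buf, tag):  # content of the single element in buf, which must carry `tag`
    items = list(children(buf))
    if len(items) != 1 or items[0][0] != tag:
        raise ValueError("unexpected DER structure")
    return items[0][1]

def parse_krb5_principal_name(der):
    top = dict(children(only(der, 0x30)))  # [0] realm, [1] principalName
    realm = only(top[0xA0], 0x1B).decode("ascii")
    pn = dict(children(only(top[0xA1], 0x30)))  # [0] name-type, [1] name-string
    name_type = int.from_bytes(only(pn[0xA0], 0x02), "big")
    comps = [c.decode("ascii") for _, c in children(only(pn[0xA1], 0x30))]
    return realm, name_type, comps

def san_matches_realm_tgs(der, realm):  # krbtgt/REALM@REALM; name-type not compared
    try:
        san_realm, _, comps = parse_krb5_principal_name(der)
    except (ValueError, KeyError, IndexError):
        return False
    return san_realm == realm and comps == ["krbtgt", realm]

def build_san(realm, comps, name_type=2):  # encode a constructed sample (short lengths)
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    names = tlv(0x30, b"".join(tlv(0x1B, c.encode()) for c in comps))
    pn = tlv(0x30, tlv(0xA0, tlv(0x02, bytes([name_type]))) + tlv(0xA1, names))
    return tlv(0x30, tlv(0xA0, tlv(0x1B, realm.encode())) + tlv(0xA1, pn))

GOOD = build_san("EXAMPLE.COM", ["krbtgt", "EXAMPLE.COM"])      # constructed
HOSTY = build_san("EXAMPLE.COM", ["host", "kdc1.example.com"])  # constructed
print(san_matches_realm_tgs(GOOD, "EXAMPLE.COM"), san_matches_realm_tgs(HOSTY, "EXAMPLE.COM"))
```

Malformed, truncated or trailing-garbage values are rejected rather than partially matched, and the realm comparison is case-sensitive.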
