[29876] in Kerberos
Re: problem in sending AS_REQ
daemon@ATHENA.MIT.EDU (naveen.bn)
Tue May 27 02:09:17 2008
Message-ID: <483BF2A0.3030209@globaledgesoft.com>
Date: Tue, 27 May 2008 11:38:08 +0000
From: "naveen.bn" <naveen.bn@globaledgesoft.com>
MIME-Version: 1.0
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <878wxwgbn8.fsf@windlord.stanford.edu>
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Russ Allbery wrote:
>"naveen.bn" <naveen.bn@globaledgesoft.com> writes:
>
>
>
>>[realms]
>> _kerberos._udp.globaledgesoft.com = {
>> admin_server = 172.16.8.141
>> kdc = 172.16.8.141
>> v4_instance_convert = {
>> gesl = _kerberos._udp.globaledgesoft.com
>> lithium = lithium.lcs. _kerberos._udp.globaledgesoft.com
>> }
>>
>>
>
>This is almost certainly not what you want. You're confusing the DNS SRV
>records with the names of realms and hosts. The krb5.conf (and kdc.conf)
>should contain simple realm names and hostnames, not the SRV record names.
>
>
>
Hi Russ Allbery
Thank you for your replay. I know this not a good practice,but the
problem, i am facing in the AS_REQ is that, the pa_data field is not
getting filled with the certificates provided from the command line. I
am able to get AS_REP with out certificates . I am using krb5-1.6.3.
It will be a great help if i get a link which gives example for using
PKINIT enabled client configuration for using certificates for
authentication.
thank you.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
