[29959] in Kerberos
Re: naming problem
daemon@ATHENA.MIT.EDU (Kevin Coffman)
Thu Jun 12 11:41:49 2008
Message-ID: <4d569c330806120840u15b5a000ka2cb7e39da751053@mail.gmail.com>
Date: Thu, 12 Jun 2008 11:40:44 -0400
From: "Kevin Coffman" <kwc@umich.edu>
To: "naveen.bn" <naveen.bn@globaledgesoft.com>
In-Reply-To: <48513C50.3090904@globaledgesoft.com>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Normal principals usually don't have an instance. However, there
shouldn't be anything that prevents a principal with an instance from
working.
If your certificates are correctly set up for the two principals, this
might be a bug.
K.C.
On Thu, Jun 12, 2008 at 11:10 AM, naveen.bn
<naveen.bn@globaledgesoft.com> wrote:
>
> Hi kevin,
> I am getting client name mismatch when i do,
>
> kinit -X X509_user_identity=FILE:/client/test.pem,/client/test.key test/rg71
> kinit(v5): Client name mismatch while getting initial credentials
>
> the naming which i have followed in the certificates are:
>
> CN = test/rg71
> SAN= test/rg71@globaledgesoft.com
>
> but, the same works when i do kinit -X
> X509_user_identity=FILE:/client/test.pem,/client/test.key test
> with CN = test
> SAN = test.
> Should there not be a slash in the clients name, but kinit will send the
> as_req with
> the slash in the client name.
>
> kindly help me in solving this problem.
>
> Thank you
> with regards
> naveen
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
