[32053] in Kerberos


URG: PKINIT error

daemon@ATHENA.MIT.EDU (vinay kumar)
Tue Feb 16 11:18:40 2010

MIME-Version: 1.0
Date: Tue, 16 Feb 2010 12:00:04 +0530
Message-ID: <dca721831002152230g702960a3pdc1bc963406ee641@mail.gmail.com>
From: vinay kumar <winay.l@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi all,

I am implementing PKINIT. My krb5.conf and kdc.conf are as follows:

*************krb5.conf************
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = GLOBALEDGESOFT.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 pkinit_anchors = DIR:/ca/

[realms]
 GLOBALEDGESOFT.COM = {
  kdc = 172.16.10.211
  admin_server = 172.16.10.211
  default_domain = globaledgesoft.com
  pkinit_identity = DIR:/client/
 }

[domain_realm]
 .globaledgesoft.com = GLOBALEDGESOFT.COM
 globaledgesoft.com = GLOBALEDGESOFT.COM

[kdc]
 profile = /etc/kdc.conf
 require-preauth = yes
 pkinit_identity = DIR:/kdc/

[kadmin]
 require-preauth = yes

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
********************************************************
**************kdc.conf********************************
[kdcdefaults]
        kdc_ports = 750,88
        pkinit_anchors = DIR:/ca/
        pkinit_identity = DIR:/kdc/

[realms]
        GLOBALEDGESOFT.COM = {
                database_name = /usr/local/var/krb5kdc/principal
                admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
                acl_file = /usr/local/var/krb5kdc/kadm5.acl
                key_stash_file = /usr/local/var/krb5kdc/.k5.GLOBALEDGESOFT.COM
                kdc_ports = 750,88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                pkinit_identity = FILE:/client/
        }

[kdc]
 require-preauth = yes
***********************************************************
I have generated the certificates using openssl:
/ca contains ca.crt  ca.csr  ca.key
/kdc contains kdc.crt  kdc.csr  kdc.key
/client contains client.crt  client.csr  client.key
***********************************************************

I have set the preauth flag for the principals. When I do kinit
vinay@GLOBALEDGESOFT.COM, it's sending only an AS_REQ, and in reply I am getting
KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED. Why am I getting this error? Why is
it sending only an AS_REQ (without containing preauthentication data)? What are
the modifications needed? Please guide me.

Regards,
Vinay
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
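An added example, not part of the original post: a small lint over the kdc.conf
fragment quoted above that flattens the krb5 profile format and checks the
pkinit_* values. It relies on two facts about MIT krb5: the FILE: identity
prefix names a certificate file (optionally followed by a key file) while DIR:
names a directory, and a setting inside a [realms] block overrides the same
setting in [kdcdefaults]. The config text embedded below is a constructed copy
of the posted fragment; the function names are the example's own.

```python
import re

# Identity/anchor prefixes accepted by MIT krb5 PKINIT.
PREFIXES = {"FILE", "DIR", "PKCS12", "PKCS11", "ENV"}

def parse_krb5_conf(text):
    """Flatten krb5.conf/kdc.conf into dotted keys; nested 'name = { ... }'
    blocks become path components (e.g. realms.EXAMPLE.COM.pkinit_identity)."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = re.match(r"\[(\S+)\]$", line)
        if m:                                     # new top-level section
            stack = [m.group(1)]
            continue
        if line == "}":                           # close a nested block
            stack.pop()
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == "{":
            stack.append(key)
        else:
            settings[".".join(stack + [key])] = value
    return settings

def lint_pkinit(settings):
    """Return human-readable findings about pkinit_identity/pkinit_anchors."""
    findings = []
    for key, value in settings.items():
        if not key.rsplit(".", 1)[-1].startswith("pkinit_"):
            continue
        prefix, sep, path = value.partition(":")
        if not sep or prefix not in PREFIXES:
            findings.append(f"{key}: unknown identity prefix in {value!r}")
        elif prefix == "FILE" and path.endswith("/"):
            findings.append(f"{key}: FILE: expects a certificate file, got directory {path!r}")
    default = settings.get("kdcdefaults.pkinit_identity")
    for key, value in settings.items():
        if key.startswith("realms.") and key.endswith(".pkinit_identity") and default and value != default:
            findings.append(f"{key}: overrides [kdcdefaults] value {default!r} with {value!r}")
    return findings

# Constructed sample: the pkinit-relevant lines of the kdc.conf posted above.
KDC_CONF = """\
[kdcdefaults]
        kdc_ports = 750,88
        pkinit_anchors = DIR:/ca/
        pkinit_identity = DIR:/kdc/

[realms]
        GLOBALEDGESOFT.COM = {
                pkinit_identity = FILE:/client/
        }
"""

if __name__ == "__main__":
    for finding in lint_pkinit(parse_krb5_conf(KDC_CONF)):
        print(finding)
```

On the posted fragment it reports that the realm-level `FILE:/client/` is a directory passed with the FILE: prefix and that it overrides the `DIR:/kdc/` set in [kdcdefaults], so the KDC would not be using the identity in /kdc at all.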
