[36993] in Kerberos
Debugging PKINIT w/o recompiling?
daemon@ATHENA.MIT.EDU (Nordgren, Bryce L -FS)
Wed May 20 18:01:12 2015
From: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Wed, 20 May 2015 22:00:48 +0000
Message-ID: <82E7C9A01FD0764CACDD35D10F5DFB6E7DD238@001FSN2MPN1-046.001f.mgd2.msft.net>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Real quick, is there a common cause for the following message in the context of PKINIT?
kinit: Invalid argument while getting initial credentials
Adding "-V" adds no information of value. KDC logs show that the correct principal was located and preauth is required.
Wireshark shows a single AS_REQ/KRB_ERROR. Specifying identities on a smard card reveals that the network traffic completes, then a PIN is requested, then the "Invalid argument" error is emitted without further network traffic. As far as I can tell, this string exists exactly nowhere in the source code.
I'll start polluting my box with *-devel packages to support recompiling with the debug option on, but I'm willing to stop if you already know the answer.
Bryce
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
