[37083] in Kerberos
pkinit with heimdal kinit
daemon@ATHENA.MIT.EDU (Jim Shi)
Thu Jun 11 01:29:18 2015
From: Jim Shi <hanmao_shi@apple.com>
Message-id: <63B2D3C8-9055-4A36-9081-DCED5B0DF05D@apple.com>
Date: Wed, 10 Jun 2015 22:28:48 -0700
To: kerberos@mit.edu
Hi, I have MIT KDC 1.10.6 running on a Linux server.
The client is Heimdal kinit on OS X.
On OS X:
./kinit -C FILE:client.pem,clientkey.pem --x509-anchors=FILE:cacert.pem testuser@REALM
On the KDC server, I saw this error:
Jun 09 14:50:20 MacBook-Pro.local krb5kdc[17663](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: NEEDED_PREAUTH: testuser@REALM for krbtgt/REALM@REALM, Additional pre-authentication required
Jun 09 14:50:20 MacBook-Pro.local krb5kdc[17663](info): preauth (pkinit) verify failure: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Jun 09 14:50:20 MacBook-Pro.local krb5kdc[17663](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: PREAUTH_FAILED: testuser@REALM for krbtgt/REALM@REALM, error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
I checked the certificates and they look good to me.
What else could be wrong?
Thanks for your help.
Thanks
Jim