PKINIT - allowed principal format?



I'm new to Heimdal; it's the only open-source Kerberos
implementation utilizing PKINIT that I know of, thanks.
Activity looks limited though, what is the status, alternatives,
and expected update on PKINIT?

I've tried later versions of Heimdal with no luck, so I
assume no version later than 4e (as doc'd :) ) will work
with Heimdal, so I've loaded it and OpenSSL 9.6.g onto Redhat 7.3.
I'm using the pkinit patch right off of pkinit.en.html.
I can make things function up to the point of kinit'ing with the
PKINIT authentication.  I think the problem might be in the
pki-allowed-principals format.  I'm understanding it should be
principal name and cert:

kdc.conf
...

 pki-certificate = /usr/local/ca/testkeys/cacert.pem
 pki-private-key = /usr/local/ca/testkeys/cakey.pem
 pki-ca-dir = /usr/local/ca/certs
 pki-allowed-principals = {
   root = /usr/local/ca/testkeys/cacert.pem
 }

The kinit for root results in:

kinit:  krb5_get_init_creds:  Unknown error 4294967295