Thanks, that worked, but it still errors against the KDC.
I'm assuming the CA Cert(s) are all that is necessary to hash?
/usr/heimdal/bin/kinit -f -C /var/tmp/keys/root.crt -K /var/tmp/keys/root.pem -D /var/tmp/ca
Passphrase for your private key:
kinit: krb5_get_init_creds: KDC not trusted
My principal in kdc.conf:
root = /C=Test/ST=ND/L=City/O=Co/OU=North America/CNemail@example.com/Emailfirstname.lastname@example.org
I did enter the following in krb5.conf, I would think it would
not be necessary to add anything else being the PKI and KDC are
in the same domain/realm?
pkinit_server = keith.jms.domain.com:88
From: Mario Strasser [mailto:email@example.com]
Sent: Monday, October 21, 2002 8:32 AM
To: STEWARD, Curtis (Jamestown); firstname.lastname@example.org
Subject: Re: PKINIT - hash for CA key
On Monday 21 October 2002 14:15, STEWARD, Curtis (Jamestown) wrote:
> openssl x509 -noout -hash -in cacert.pem
> ln -s cacert.pem f871f896
The hash files must have the file extension
0 (zero); thus your certificate must be linked
bash# ln -s cacert.pem f871f896.0
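The linking step discussed in this thread, generalised to every certificate in a CA directory, as an added example that is not part of the original messages. The function names `cert_hash` and `link_ca_hashes` are hypothetical, the directory is assumed to be the one passed to `kinit -D` (`/var/tmp/ca` in the command above), and the `.1`, `.2` suffixes for certificates that share a hash follow OpenSSL's hashed-directory convention.

```shell
#!/bin/sh
# Added example: create the <hash>.N symlinks OpenSSL looks up in a CA directory.
# Usage after sourcing this file: link_ca_hashes /var/tmp/ca

# Print the subject-name hash of a PEM certificate (same command as in the thread).
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# link_ca_hashes DIR
# Links every *.pem / *.crt file in DIR as <hash>.0. If that name already
# belongs to a different certificate with the same hash, .1, .2, ... is used.
# Re-running is safe: existing links are left alone.
# Prints the number of links created.
link_ca_hashes() {
    lch_dir=$1
    lch_made=0
    for lch_cert in "$lch_dir"/*.pem "$lch_dir"/*.crt; do
        # Skip unmatched glob patterns and files that are themselves symlinks.
        if [ ! -f "$lch_cert" ] || [ -L "$lch_cert" ]; then
            continue
        fi
        lch_name=$(basename "$lch_cert")
        if ! lch_hash=$(cert_hash "$lch_cert") || [ -z "$lch_hash" ]; then
            echo "skipping $lch_name: not a readable certificate" >&2
            continue
        fi
        lch_n=0
        while [ -e "$lch_dir/$lch_hash.$lch_n" ] || [ -L "$lch_dir/$lch_hash.$lch_n" ]; do
            # Link from an earlier run already points at this file.
            if [ "$(readlink "$lch_dir/$lch_hash.$lch_n")" = "$lch_name" ]; then
                continue 2
            fi
            lch_n=$((lch_n + 1))
        done
        # Relative target, so the directory can be moved as a whole.
        ln -s "$lch_name" "$lch_dir/$lch_hash.$lch_n"
        lch_made=$((lch_made + 1))
    done
    echo "$lch_made"
}
```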