[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PKINIT - hash for CA key

To: "STEWARD, Curtis (Jamestown)" <Curtis.Steward@trw.com>
Subject: Re: PKINIT - hash for CA key
From: Mario Strasser <mario.strasser@zhwin.ch>
Date: Tue, 22 Oct 2002 08:01:46 +0200
Cc: heimdal-discuss@sics.se, kouril@ics.muni.cz
In-Reply-To: <82B2E334C659D511A7500008C709B5970E3613@jamesx.jms.lucascargo.com>
References: <82B2E334C659D511A7500008C709B5970E3613@jamesx.jms.lucascargo.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: KMail/1.4.7

Hi,

On Monday 21 October 2002 20:13, STEWARD, Curtis (Jamestown) wrote:
> [...]
> Thanks, that worked, but it still errors against the KDC.
> I'm assuming the CA Cert(s) are all that is necessary to hash?
The root ca certificate as well as the intermediate 
ca certificates.

> [...]
> kinit: krb5_get_init_creds: KDC not trusted
> [...]
> pkinit_server = keith.jms.domain.com:88
>
The subject (or the subject alternative name) of 
the server certificate must contain the DNS name
of the KDC (keith.jms.domain.com).

Regards,
Mario

Content Security by MailMarshal

References:
- RE: PKINIT - hash for CA key
  - From: "STEWARD, Curtis (Jamestown)" <Curtis.Steward@trw.com>

Prev by Date: kadmind exploits
Next by Date: RE: PKINIT - hash for CA key
Prev by thread: RE: PKINIT - hash for CA key
Next by thread: RE: PKINIT - hash for CA key
Index(es):
- Date
- Thread