I am trying to use pkinit to get a ticket from a Heimdal KDC.

I used openssl to generate a CA certificate and put it in /usr/local/ca/certs.
I also generated a KDC certificate and put it in /var/heimdal/certs.
I configured /var/heimdal/kdc.conf and added:
	enable-pkinit = yes
	pki-certificate = /var/heimdal/certs/kdc-cert.pem
	pki-private-key = /var/heimdal/certs/kdc-key.pem
	pki-ca-dir = /usr/local/ca/certs
	pki-allowed-principals = {
		ellen = ellen

where ellen is the user id in my system and in my user certificate.

However, when I performed 
	kinit -C user-cert.pem -K user-key.pem -D /usr/local/ca/certs
I got
	kinit: krb5_get_init_creds: Unsupported preauthentication type..

Did I miss anything in my configuration?
Could anyone kindly tell me the correct configuration on my heimdal KDC?

Thank you very much...

Best regards,
Ellen Huang
| Don't walk in front of me, I may not follow, |
| Don't walk behind me, I may not lead,        |
| Just walk beside me, and be my friend.       |
Yu-Lun Huang (Lun)-----------------------------+