[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kinit with pkinit and win2k kdc


    I've tied to kinit using pkinit to a win2k KDC with:

kinit -C cert.pem -K key.pem -D ./CA/default/ username

but the kinit failed with:

kinit: krb5_get_init_creds: KDC has no support for padata type
I've already successfully managed to kinit to the local heimdal KDC, but 
the win2k just doesn't work.
I have username in the domain, and he has the proper certificate.What 
else should I set in the win2k server to make things work, or what can 
be the problem with the preauthentication?

Here is the krb5.conf:
(TEST.VIKING is the windows domain.)

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5
 ticket_lifetime = 24000
 default_realm = TEST.VIKING
 dns_lookup_realm = false
 dns_lookup_kdc = true
 log_utc = true
  kdc = harald.test.viking:88
  admin_server = harald.test.viking:749
  default_domain = viking
  pkinit_server = harald.test.viking 
  kdc = gorm.test.viking:88
  admin_server = gorm.test.viking:749
  default_domain = test.viking
  pkinit_server = tcp/gorm.test.viking

 .viking = VIKING
 viking = VIKING
 .test.viking = TEST.VIKING
 test.viking = TEST.VIKING

 default_keys = v5 v4
 pam = {
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true