[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit with pkinit and win2k kdc

To: Prágai Róbert <pragai@rubin.hu>
Subject: Re: kinit with pkinit and win2k kdc
From: Love <lha@stacken.kth.se>
Date: Fri, 09 Jan 2004 15:33:35 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <3FFEB061.9050507@rubin.hu> (Prágai Róbert's message of "Fri, 09 Jan 2004 14:45:05 +0100")
References: <3FFEB061.9050507@rubin.hu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)


Prágai Róbert <pragai@rubin.hu> writes:

> Hi,
>
>     I've tied to kinit using pkinit to a win2k KDC with:
>
> kinit -C cert.pem -K key.pem -D ./CA/default/ username
>
> but the kinit failed with:
>
> kinit: krb5_get_init_creds: KDC has no support for padata type
>    I've already successfully managed to kinit to the local heimdal
> KDC, but the win2k just doesn't work.
> I have username in the domain, and he has the proper certificate.What
> else should I set in the win2k server to make things work, or what can
> be the problem with the preauthentication?

I think you have to set

[libdefaults]win2k_compatible=yes

to make it work with windows 2000 for pkinit.

Love

PGP signature

References:
- kinit with pkinit and win2k kdc
  - From: Prágai Róbert <pragai@rubin.hu>

Prev by Date: kinit with pkinit and win2k kdc
Next by Date: kadmin del_enctypes bumps kvno
Prev by thread: kinit with pkinit and win2k kdc
Next by thread: kadmin del_enctypes bumps kvno
Index(es):
- Date
- Thread