Re: PKINIT + heimdal snapshot: certificate authentication does not work
> My question is: is it configuration problem or PKINIT with Heimdal
> snapshot doesn't work properly?
From the first tests I've made, it works (with an older snapshot though):
paul@youki:~$ kinit -C
Enter your private key passphrase:
kinit: NOTICE: ticket renewable lifetime is 1 week
Credentials cache: FILE:/tmp/krb5cc_501
Issued Expires Principal
Aug 26 17:17:51 Aug 27 03:17:51 krbtgt/TEST.FR@TEST.FR
KDC log contains:
2004-08-26T17:17:51 AS-REQ paul@TEST.FR from IPv4:192.168.0.10 for
2004-08-26T17:17:51 Looking for PKINIT pa-data -- paul@TEST.FR
2004-08-26T17:17:51 PKINIT pre-authentication succeded -- paul@TEST.FR
using /C=FR/ST=IDF/O=Internet Widgits Pty
2004-08-26T17:17:51 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2004-08-26T17:17:51 Requested flags: renewable, proxiable, forwardable
2004-08-26T17:17:51 sending 2578 bytes to IPv4:192.168.0.10
- Is user.key protected by a passphrase?
- Is your file /var/heimdal/pki-mapping properly filled?
- (sorry for this silly question) Did you launch the kinit command
against a "PKINIT aware" KDC (that is the daemon coming from the
snapshot)? Has it been launched properly? I've noticed that if the KDC
can't use its private key (wrong passphrase for instance), it starts all
the same and you can get tickets with your passwords.
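
Added example, not part of the original message or of Heimdal: a small log check for the last point above, listing AS-REQs that the KDC answered without logging a PKINIT success. The sample log is constructed in the style of the lines quoted above, and the script assumes that the lines for one request stay together per client address; a reply without a PKINIT line may also be an error reply, so treat the output as a list to review.

```python
import re

# Constructed sample in the style of the KDC log quoted in the message
# (not real log data; bob@TEST.FR and 192.168.0.11 are made up).
SAMPLE_LOG = """\
2004-08-26T17:17:51 AS-REQ paul@TEST.FR from IPv4:192.168.0.10 for krbtgt/TEST.FR@TEST.FR
2004-08-26T17:17:51 Looking for PKINIT pa-data -- paul@TEST.FR
2004-08-26T17:17:51 PKINIT pre-authentication succeded -- paul@TEST.FR
2004-08-26T17:17:51 sending 2578 bytes to IPv4:192.168.0.10
2004-08-26T17:20:02 AS-REQ bob@TEST.FR from IPv4:192.168.0.11 for krbtgt/TEST.FR@TEST.FR
2004-08-26T17:20:02 Looking for PKINIT pa-data -- bob@TEST.FR
2004-08-26T17:20:02 sending 611 bytes to IPv4:192.168.0.11
"""

AS_REQ = re.compile(r"^(\S+) AS-REQ (\S+) from (\S+)")
# The log quoted above spells it "succeded"; accept the corrected spelling too.
PKINIT_OK = re.compile(r"PKINIT pre-authentication succee?ded -- (\S+)")
SENT = re.compile(r"sending \d+ bytes to (\S+)")


def audit_as_requests(log_text):
    """Return one record per answered AS-REQ, with a 'pkinit' success flag."""
    pending = {}  # client address -> request currently being processed
    results = []
    for line in log_text.splitlines():
        m = AS_REQ.match(line)
        if m:
            ts, principal, addr = m.groups()
            pending[addr] = {"time": ts, "principal": principal,
                             "from": addr, "pkinit": False}
            continue
        m = PKINIT_OK.search(line)
        if m:
            for rec in pending.values():
                if rec["principal"] == m.group(1):
                    rec["pkinit"] = True
            continue
        m = SENT.search(line)
        if m and m.group(1) in pending:
            # Reply sent: the request is complete, record how it was handled.
            results.append(pending.pop(m.group(1)))
    return results


def answered_without_pkinit(log_text):
    """Principals that got a reply with no PKINIT success logged for it."""
    return sorted({r["principal"] for r in audit_as_requests(log_text)
                   if not r["pkinit"]})


if __name__ == "__main__":
    for principal in answered_without_pkinit(SAMPLE_LOG):
        print("no PKINIT success logged for", principal)
```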