
pkinit as_rep




I've set up an install of the snapshot from the 14th with pkinit
enabled. When I try and kinit with an x509 cert, I see the following in
the kdc log:

2005-04-22T16:37:19 AS-REQ ma3d@TEST.PDSF.NERSC.GOV from IPv4:128.55.27.106 for krbtgt/TEST.PDSF.NERSC.GOV@TEST.PDSF.NERSC.GOV
2005-04-22T16:37:19 Looking for PKINIT pa-data -- ma3d@TEST.PDSF.NERSC.GOV
2005-04-22T16:37:19 Looking for ENC-TS pa-data -- ma3d@TEST.PDSF.NERSC.GOV
2005-04-22T16:37:19 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2005-04-22T16:37:19 sending 669 bytes to IPv4:128.55.27.106


and the following output from kinit:

$ kinit -C FILE:/auto/u/ma3d/foo.crt,/auto/u/ma3d/foo.key ma3d@TEST.PDSF.NERSC.GOV
kinit: krb5_get_init_creds: unable to reach any KDC in realm TEST.PDSF.NERSC.GOV

It seems that it's not actually finding the pkinit pre-auth data.
Running gdb on the kdc I see the following in as_rep():

(gdb) c
Continuing.

Breakpoint 2, as_rep (req=0xbfffccb0, reply=0xbfffcd38, from=0x82521c0 "IPv4:128.55.27.106", from_addr=0x8252138)
     at kerberos5.c:737
737             int i = 0;
(gdb) l
732
733         memset(&et, 0, sizeof(et));
734         memset(&ek, 0, sizeof(ek));
735
736         if(req->padata){
737             int i = 0;
738             PA_DATA *pa;
739             int found_pa = 0;
740
741     #ifdef PKINIT
(gdb) n
739             int found_pa = 0;
(gdb) n
742             kdc_log(5, "Looking for PKINIT pa-data -- %s", client_name);
(gdb) n
744             i = 0;
(gdb) n
745             e_text = "No PKINIT PA found";
(gdb) n
755                     continue;
(gdb) c


I'm especially confused about the jump from line 745 to line 755. I
rebuilt by re-running configure with CFLAGS set to just -g thinking I 
might just be looking at optimization weirdness, but that didn't seem to 
make a difference.

Any ideas?

Any more info that's needed?

-Matt Andrews