[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PKINIT - kinit - "No usable pa data type", any ideas?

To: Eric Sylvain <esylvain@cedarpointcom.com>
Subject: Re: PKINIT - kinit - "No usable pa data type", any ideas?
From: Peter Duff <duff@google.com>
Date: Tue, 10 May 2005 08:57:24 -0700
Cc: heimdal-discuss@sics.se
In-Reply-To: <op.sqibxdpbyogqth@xesylvain.cedarpointcom.com>
References: <op.sqibxdpbyogqth@xesylvain.cedarpointcom.com>
Reply-To: Peter Duff <duff@google.com>
Sender: owner-heimdal-discuss@sics.se

On 5/9/05, Eric Sylvain <esylvain@cedarpointcom.com> wrote:
> 
> 17. Run kinit as user (i.e. Not root)
>      /usr/bin/kinit -C \
>        FILE:/usr/secure/client/clientcert.pem,/usr/secure/client/clientkey.pem
>      Enter your private key passphrase: <password>
> 
> (QUESTION:Why do I get the following:
>            kinit: krb5_get_init_creds: No usable pa data type)
> 

I came across this error at some point also - it be debugged in gdb
iirc, and most likely an openssl exception.
It might be due to you using the same certificate for server
authentication and client authentication.  You might not be able to do
that, as the x509 usage fields don't match the operation you're
attempting to performs (client auth is different than server auth).

hope this helps

Peter

References:
- PKINIT - kinit - "No usable pa data type", any ideas?
  - From: "Eric Sylvain" <esylvain@cedarpointcom.com>

Prev by Date: Re: PKINIT - kinit - "No usable pa data type", any ideas?
Next by Date: Re: PKINIT - kinit - "No usable pa data type", any ideas?
Prev by thread: Re: PKINIT - kinit - "No usable pa data type", any ideas?
Next by thread: Your Latest Inquiries.........SAFETY.
Index(es):
- Date
- Thread