
Re: PKINIT - kinit - "No usable pa data type", any ideas?





Eric Sylvain wrote:

> 
> I tried the included patch, without luck. :(
> 
> I added debug to the kdc and see that the request
> is coming in with type set to "15", which is
> KRB5_PADATA_PK_AS_REP_19, or KRB5_PADATA_PK_AS_REQ_WIN,
> but your patch checks for KRB5_PADATA_PK_AS_REQ_19
> (previous to patch it checked for KRB5_PADATA_PK_AS_REQ)
> 
> Is this a kinit or kdc issue?

The code is trying to support 3 versions of the PKINIT drafts:
draft 9 that Windows uses, draft 19, and draft 25. Between
19 and 25 the PA-PK-AS-REQ changed from 14 to 16,
and the PA-PK-AS-REP from 15 to 17. (I think if the REQ is 15
it is a bug, as the PA-PK-AS-REP would have been 15, or 17.)

(I have not tried the KDC, but only the client to Windows AD.)

I thought I saw something on this on the list too.

> 
> Eric
> 
> On Mon, 09 May 2005 10:13:41 -0400, Daniel Kouril <kouril@ics.muni.cz> wrote:
> 
>> On Mon, May 09, 2005 at 08:06:39AM -0400, Eric Sylvain wrote:
>>
>>> I have a problem getting "kinit" to work. It exits with
>>> the following error:
>>>
>>>    kinit: krb5_get_init_creds: No usable pa data type
>>
>>
>> Try the patch enclosed,
>>
>> Dan

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444