[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about PKINIT and principals in Heimdal

Hello everyone,

I'm trying to set up Heimdal KDC to use PKINIT. I've created the
appropiate X.509 certificates for both for the KDC (principal kdc) and
a test client (principal iwcert), using a slightly modified gen-req.sh
script (from lib/hx509/data) and openssl.cnf. But when I used kinit, I
got the following error:

kinit -C FILE:.certs/client.crt,.certs/client.key iwcert
kinit: krb5_get_init_creds: Client (iwcert@EXAMPLE.LOCAL) unknown

iwcert is the user specified in otherName within the certificate.
Do I have to previously create the user in the KDC database? What if I
have several thounsands devices (PacketCable MTAs) acting as users, I
want to avoid to create each of them beforehand in the Kerberos db.

Thank you very much in advance.

Pablo J. Rogina