
Re: Question about PKINIT and principals in Heimdal



Hello everyone,

I'm trying to set up Heimdal KDC to use PKINIT. I've created the
appropriate X.509 certificates for both the KDC (principal kdc) and
a test client (principal iwcert), using a slightly modified gen-req.sh
script (from lib/hx509/data) and openssl.cnf. But when I used kinit, I
got the following error:

kinit -C FILE:.certs/client.crt,.certs/client.key iwcert
kinit: krb5_get_init_creds: Client (iwcert@EXAMPLE.LOCAL) unknown

iwcert is the user specified in otherName within the certificate.
Do I have to previously create the user in the KDC database? What if I
have several thousand devices (PacketCable MTAs) acting as users? I
want to avoid creating each of them beforehand in the Kerberos db.

Thank you very much in advance.

Pablo J. Rogina

gen-req.sh

openssl.cnf