[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit_require_eku

To: Alberto Fondi <alberto.fondi@lnf.infn.it>
Subject: Re: pkinit_require_eku
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Wed, 29 Nov 2006 20:22:03 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <456DC0A0.6000203@lnf.infn.it>
References: <456DC0A0.6000203@lnf.infn.it>
Sender: owner-heimdal-discuss@sics.se

Hello Alberto,

>    i have installed heimdal and i want to prove authentication by  
> certificates. But when i pass my certificate and private key to  
> kinit it gives me this message:

I forgot to add them to the program, just fixed that problem.

The configuration option needs to be in the client's krb5.conf

> And is it a necessary requirement to have eku field in the  
> certificates ?

Its required to have the PK-INIT EKU in the KDC's certificate by
the RFC specifying PK-INIT.

Love

References:
- pkinit_require_eku
  - From: Alberto Fondi <alberto.fondi@lnf.infn.it>

Prev by Date: pkinit_require_eku

Next by Date: $B%a!<%k%^%,%8%s(B

$B!&%Q%A%s%3!&%Q%A%9%m$,9%$-$JJ}$K!":G(B

$BE,$J!Z5a?M>pJs![(B

Prev by thread: pkinit_require_eku

Next by thread: $B%a!<%k%^%,%8%s(B

$B!&%Q%A%s%3!&%Q%A%9%m$,9%$-$JJ}$K!":G(B

$BE,$J!Z5a?M>pJs![(B

Index(es):
- Date
- Thread