Re: Causes for KDC_ERR_CLIENT_NOT_TRUSTED
This means that your Windows server is missing the client's CA certificate.
Remember that Windows 2003 Server doesn't implement RFC PKINIT; instead
it implements the draft-9 version of the PKINIT RFC.
From draft-9 (section 3.2):
"If the KDC has no certificate signed by any of the trustedCertifiers,
then it returns an error of type KDC_ERR_KDC_NOT_TRUSTED"
Thomas Harning wrote:
> Is there any definitive source of KDC_ERR_CLIENT_NOT_TRUSTED ... in
> the documents it mentions these two vague ones (really, just 1 w/ an
> * Policy
> * OID for Login not present
> I'm primarily interested in information related to using Heimdal w/
> PKINIT to log in to Windows 2003 Server.....