
Re: Inconsistent key purpose in Heimdal, but not Windows



On Fri, 21 Mar 2008 15:02:18 -0400
Thomas Harning <thomas.harning@trustbearer.com> wrote:

> In hooking up Heimdal in a MS Domain Controller environment with
> PKINIT, I've found that Windows machines can successfully perform
> SmartCard Login, but Heimdal bails with this error:
> 
> KDC_ERR_INCONSISTENT_KEY_PURPOSE
> 
Investigating this error code, I came across the fact that Windows
(2000) implements Draft 9 of PKINIT.  The error # for
KDC_ERR_INCONSISTENT_KEY_PURPOSE isn't even set in the draft.  It is
error # 77...  Either Windows added one of its own errors to their
version of the spec, or Windows 2003 implements a newer PKINIT...

-- 
Thomas Harning @ TrustBearer Labs (http://www.trustbearer.com)
Secure OpenID: https://openid.trustbearer.com/harningt
3201 Stellhorn Road 260-399-1656
Fort Wayne, IN 46815