Mario,
Thanks, that worked, but it still errors against the KDC.
I'm assuming the CA Cert(s) are all that is necessary to hash?
/usr/heimdal/bin/kinit -f -C /var/tmp/keys/root.crt -K /var/tmp/keys/root.pem -D /var/tmp/ca
Passphrase for your private key:
kinit: krb5_get_init_creds: KDC not trusted
My principal in kdc.conf:
root = /C=Test/ST=ND/L=City/O=Co/OU=North America/CN=root@jms.domain.com/Email=curtis.steward@exchange.cl.trw.com
I did enter the following in krb5.conf. I would think it would
not be necessary to add anything else, since the PKI and KDC are
in the same domain/realm?
pkinit_server = keith.jms.domain.com:88
Thanks,
cs
-----Original Message-----
From: Mario Strasser [mailto:mario.strasser@zhwin.ch]
Sent: Monday, October 21, 2002 8:32 AM
To: STEWARD, Curtis (Jamestown); kouril@ics.muni.cz
Cc: heimdal-discuss@sics.se
Subject: Re: PKINIT - hash for CA key
Hi Dan,
On Monday 21 October 2002 14:15, STEWARD, Curtis (Jamestown) wrote:
> [...]
> openssl x509 -noout -hash -in cacert.pem
> ln -s cacert.pem f871f896
> [...]
The hash files must have the file extension
0 (zero); thus your certificate must be linked
to f871f896.0:
bash# ln -s cacert.pem f871f896.0
Regards,
Mario
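Added example, not part of the original messages: a POSIX shell check for the hashed CA directory discussed in this thread (the directory passed to kinit -D). It audits link names only (missing numeric suffix, dangling links, index gaps) and does not recompute certificate hashes; the function name audit_hash_dir is hypothetical.

```shell
#!/bin/sh
# Audit an OpenSSL-style hashed CA directory.
# Lookup tries <hash>.0, <hash>.1, ... and stops at the first name that is
# missing, so a link without the suffix, a dangling link, or a gap in the
# numbering makes a CA invisible to the verifier.
# Prints one finding per line; returns 0 if the directory is clean, 1 otherwise.
audit_hash_dir() {
    dir=$1
    rc=0
    for path in "$dir"/*; do
        name=${path##*/}
        # Skip the unexpanded glob of an empty directory.
        [ -e "$path" ] || [ -L "$path" ] || continue
        case $name in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])
                # The case from this thread: f871f896 instead of f871f896.0
                echo "MISSING_SUFFIX $name (rename to $name.0)"; rc=1 ;;
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].*)
                idx=${name#*.}
                case $idx in
                    ''|*[!0-9]*) continue ;;  # e.g. CRL links <hash>.r0, not audited
                esac
                if [ ! -e "$path" ]; then
                    echo "DANGLING $name"; rc=1
                fi
                # Every lower index must resolve, or lookup never reaches this one.
                i=0
                while [ "$i" -lt "$idx" ]; do
                    if [ ! -e "$dir/${name%%.*}.$i" ]; then
                        echo "GAP $name (no ${name%%.*}.$i)"; rc=1
                        break
                    fi
                    i=$((i + 1))
                done ;;
        esac
    done
    return $rc
}
```

Run it as `audit_hash_dir /var/tmp/ca`; an empty result with exit status 0 means the names are well-formed, not that the KDC's issuer is present.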