
kinit with pkinit and win2k kdc



Hi,

    I've tried to kinit using pkinit to a win2k KDC with:

kinit -C cert.pem -K key.pem -D ./CA/default/ username

but the kinit failed with:

kinit: krb5_get_init_creds: KDC has no support for padata type
   
I've already successfully managed to kinit to the local heimdal KDC, but 
the win2k just doesn't work.
I have the username in the domain, and it has the proper certificate. What 
else should I set on the win2k server to make things work, or what can 
be the problem with the preauthentication?

Here is the krb5.conf:
(TEST.VIKING is the windows domain.)

# krb5.conf as posted with the question; per the message, TEST.VIKING is the
# Windows (win2k) domain and VIKING is the local Heimdal realm.
# Full-line '#' comments only; the values themselves are left exactly as posted.

# Log destinations for the Kerberos library, the KDC and kadmind.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# Only single-DES enctypes are offered here. DES is a weak cipher; confirm
# this is actually required by the KDCs in use rather than a leftover
# (NOTE(review): any KDC that accepts these will issue DES-protected tickets).
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5
# Bare number, no unit suffix — verify which unit the library assumes.
 ticket_lifetime = 24000
 default_realm = TEST.VIKING
# Realm is taken from this file, not from DNS.
 dns_lookup_realm = false
# KDC discovery via DNS: the KDC address then depends on (unauthenticated)
# DNS answers in addition to the explicit kdc = entries below.
 dns_lookup_kdc = true
 log_utc = true
 
# Per-realm KDC, admin server and PKINIT settings.
[realms]
# Local Heimdal realm (the one the message says works).
 VIKING = {
  kdc = harald.test.viking:88
  admin_server = harald.test.viking:749
  default_domain = viking
# NOTE(review): no transport prefix here, while the TEST.VIKING entry below
# uses "tcp/" — check the expected form against the Heimdal documentation.
  pkinit_server = harald.test.viking 
 }
 
# Windows domain realm (the one the message says fails with
# "KDC has no support for padata type").
  TEST.VIKING = {
  kdc = gorm.test.viking:88
  admin_server = gorm.test.viking:749
  default_domain = test.viking
  pkinit_server = tcp/gorm.test.viking
 }

# Host/domain suffix to realm mapping; the leading-dot entries cover subdomains.
[domain_realm]
 .viking = VIKING
 viking = VIKING
 .test.viking = TEST.VIKING
 test.viking = TEST.VIKING

# kadmin key defaults; "v4" presumably refers to Kerberos 4 keys — confirm
# whether these are still needed.
[kadmin]
 default_keys = v5 v4
 
# Application defaults applied to the pam client.
[appdefaults]
 pam = {
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
 }

Thanks,
Robert