[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem installing pkinit

To: Athanasios Moralis <amoral@netmode.ntua.gr>
Subject: Re: Problem installing pkinit
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Fri, 3 Nov 2006 14:18:24 -0800
Cc: "Douglas E. Engert" <deengert@anl.gov>, Heimdal-discuss list <heimdal-discuss@sics.se>
In-Reply-To: <453FD695.4010907@netmode.ntua.gr>
References: <452D1A78.2040105@netmode.ntua.gr> <A06DBC93-A11D-4ACE-AB72-15CBA83E0425@kth.se> <047E1841-C5FF-4A15-A259-360ADC69C4A1@kth.se> <452E5651.4000007@netmode.ntua.gr> <452E6842.4010204@netmode.ntua.gr> <453E3A5C.7010609@netmode.ntua.gr> <A9F4BD1B-B084-49A6-9AB3-1C7EAD3C8327@kth.se> <453E94F3.40905@netmode.ntua.gr> <453F6EB6.9090300@anl.gov> <453FBD59.2020408@netmode.ntua.gr> <453FCBE5.4090207@anl.gov> <453FD695.4010907@netmode.ntua.gr>
Sender: owner-heimdal-discuss@sics.se

25 okt 2006 kl. 14.26 skrev Athanasios Moralis:

> and I found that if I put pkinit_require_eku=false I have a  
> successful logging. :-)
> Setting win2k_pkinit_require_binding = yes did not affect the result.
>
> This is something that I should really look into it. Perhaps my  
> certificate
> does not support eku or something else is happening.

Yes, the RFC specifices a that the KDC to have PK-INIT KDC EKU set
on it, I guess I should add a warning kdc startup code hinting that
not having the EKU will cause interrop problems.

Love

Prev by Date: Re: Problem installing pkinit
Next by Date: Re: Problem installing pkinit
Prev by thread: Re: Problem installing pkinit
Next by thread: Re: Problem installing pkinit
Index(es):
- Date
- Thread