[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PKinit
- To: "Heimdal-discuss list" <heimdal-discuss@sics.se>
- Subject: PKinit
- From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
- Date: Wed, 31 Jan 2007 20:34:43 +0500
- DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=nYLHs+4W1raVgkM+Urj+enjI2dblHJumIAN0gIHWc42hnoJexdCdALg/wJPcDc86EQwkTN+F4G741DlFzGs5Di5Krc386dMzqie/wqZLnqHfl+WG60MQeFfORDIZKyMyhhZYLpo5lckXBN6cldA3dXqnEXU+rjeiPyD6JZAYxwA=
- Sender: owner-heimdal-discuss@sics.se
Hi all,
A very simple pkinit setup just to test things up and running on debian etch.
When I get a kerberos ticket via kinit -C FILE:user.crt,user.key, the
following is logged in kdc.log:
2007-01-31T20:29:43 AS-REQ mhashmi@CA.EMERGEN.BIZ from
IPv4:192.168.1.16 for krbtgt/CA.EMERGEN.BIZ@CA.EMERGEN.BIZ
2007-01-31T20:29:43 Client sent patypes: encrypted-timestamp
2007-01-31T20:29:43 Failed to decrypt PA-DATA -- mhashmi@CA.EMERGEN.BIZ
if there a reason for concern here?
2007-01-31T20:30:20 AS-REQ mhashmi@CA.EMERGEN.BIZ from
IPv4:192.168.1.16 for krbtgt/CA.EMERGEN.BIZ@CA.EMERGEN.BIZ
2007-01-31T20:30:20 Client sent patypes: PK-INIT(ietf)
2007-01-31T20:30:20 PK-INIT request of type PK-INIT-IETF
2007-01-31T20:30:20 Trying to authorize PK-INIT subject DN
UID=mhashmi,DC=ca,DC=emergen,DC=biz
2007-01-31T20:30:20 PKINIT pre-authentication succeeded --
mhashmi@CA.EMERGEN.BIZ using UID=mhashmi,DC=ca,DC=emergen,DC=biz
2007-01-31T20:30:20 Client supported enctypes:
aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1,
des3-cbc-md5, arcfour-hmac-md5, des-cbc-md5, des-cbc-md4, des-cbc-crc
2007-01-31T20:30:20 PK-INIT using dh RFC2412-MODP-group2
All goes well and the kerberos ticket is issued without a problem.
Thanks,
--
Mustafa A. Hashmi
mahashmi@gmail.com
- Follow-Ups:
- Re: PKinit
- From: Love Hörnquist Åstrand <lha@kth.se>