[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Causes for KDC_ERR_CLIENT_NOT_TRUSTED
This means that your Windows server is missing client's ca certificate.
Remember that windows 2003 server doesn't implement rfc pkinit, instead
it implements draft-9 version of the pkinit rfc.
From draft-9 (section 3.2):
"If the KDC has no certificate signed by any of the trustedCertifiers,
then it returns
an error of type KDC_ERR_KDC_NOT_TRUSTED"
-Olga
Thomas Harning wrote:
> Is there any definitive source of KDC_ERR_CLIENT_NOT_TRUSTED ... in
> the documents it mentions these two vague ones (really, just 1 w/ an
> example):
> * Policy
> * OID for Login not present
>
> I'm primarily interested in information related to using Hiemdal w/
> PKINIT to login into Windows 2003 Server.....
>