Re: Inconsistent key purpose in Heimdal, but not Windows
On Fri, 21 Mar 2008 15:02:18 -0400
Thomas Harning <thomas.harning@trustbearer.com> wrote:
> In hooking up Heimdal in a MS Domain Controller environment with
> PKINIT, I've found that Windows machines can successfully perform
> SmartCard Login, but Heimdal bails with this error:
>
> KDC_ERR_INCONSISTENT_KEY_PURPOSE
>
Investigating this error code, I came across the fact that Windows
(2000) implements Draft 9 of PKINIT. The error # for
KDC_ERR_INCONSISTENT_KEY_PURPOSE isn't even set in the draft. It is
error # 77... Either Windows added one of its own errors to their
version of the spec, or Windows 2003 implements a newer PKINIT...
--
Thomas Harning @ TrustBearer Labs (http://www.trustbearer.com)
Secure OpenID: https://openid.trustbearer.com/harningt
3201 Stellhorn Road 260-399-1656
Fort Wayne, IN 46815