Hi, I'm trying to set up the MIT Kerberos server (1.12.2 / Fedora 21) to PKINIT from my organization's smart cards.
They have an MS user principal name of the form: 12001000550...@fedidcard.gov

I tried creating a realm "FEDIDCARD.GOV" with a user principal 12001000550281. This resulted in a client name mismatch when trying to kinit to 12001000550...@fedidcard.gov.

I then tried creating a "12001000550...@fedidcard.gov" principal in my realm. Unfortunately, I cannot kinit using the principal "12001000550...@fedidcard.gov@FEDIDCARD.GOV". kinit gives a "Malformed representation of principal when parsing name..." error.

Is there a solution to this? Some special syntax that tells the command line tools to ignore '@' signs in a client principal name?

Or am I thinking wrong: Does kinit parse the user principal name into client and realm? Should I rename my realm to lowercase fedidcard.gov?

Thanks,
Bryce

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos