W dniu 26.02.2020, śro o godzinie 07∶51 -0700, użytkownik Todd Grayson napisał: The discussions I've seen where this is done successfully use tar to grab all the files (do an ls -la in the kdc path to see what you missed) along with the krb5.conf. I believe you are missing important file(s) based on what you listed.
It looks that the problem is related to the version incompatibility: I can login from Debian 9 client (1.15) to Debian 9 KDC (1.15) but can't login from Debian 7 (1.10.1). What is strange, that I can login from Debian 9 to Debian 7 KDC. I suspect openssl CMS incompatibility: https://www.mail-archive.com/ope nssl-us...@openssl.org/msg85910.html best regards Jarek On Wed, Feb 26, 2020, 7:31 AM jarek <ja...@poczta.srv.pl> wrote: Hello! I've tried to migrate KDC (Debian 7) to new hardware with Debian 9. We are using KDC with pkinit and smartcards. After fresh installation, I have copied /etc/krb5.conf, /etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc. All certificates are in /etc/krb5kdc. The new machine has the same name as old, only IP is different. kadmin lists all pricinpals, kdc and admin server are working. kinit from remote machine fails, on KDC in authlog we have message: PREAUTH_FAILED: Failed to verify CMS message: bad signature What can be wrong ? Best regards Jarek ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
