Hello Ken, I tried again according to your suggestion but I'm not getting any logging info in =/tmp/kinit.log
Am I missing something here? Regards, Vikram -----Original Message----- From: Ken Hornstein <k...@cmf.nrl.navy.mil> Sent: Tuesday, March 2, 2021 1:10 AM To: Pal, Vikram Cc: kerberos@mit.edu Subject: Re: kinit failing when AD user joining using smaercard PIN on ubuntu 20.04 [EXTERNAL EMAIL] >We are login to Ubuntu 20.04 device using smartcard PIN. We are able to >login as AD user successfully. We are using Windows 2019 AD Server. So, I don't know what this means. I suspect that Kerberos isn't working correctly here and you'll falling back to something else. >We tried kinit manually but it's throwing error. It asks for PIN but >immediately asks for password without waiting for pin to be entered. So ... there are a LOT of ways for PKINIT to go wrong (that's the protocol you use when using a smartcard), especially when a PKCS#11 module is involved, and some of the failure modes end up causing weird things to happen (and many of them cause fallbacks to a password prompt). But I'm not sure why you're running "sudo kinit [...]"; shouldn't you just run kinit without sudo? I am wondering if sudo is causing the PIN prompt and kinit is giving your the password prompt. My suggestion is to run kinit again with the environment variable KRB5_TRACE set to point to a debug file. E.g: env KRB5_TRACE=/tmp/kinit.log kinit [extra kinit options here] That might point you to what is going wrong. --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
