kinit -t /etc/krb5-k kinit: Client not found in Kerberos database while getting initial credentials
And kinit -k without pkinit_identities in libdefaults, kinit -k '[email protected]' gives me a valid tgt. And kinit -k with pkinit_identities in libdefaults, kinit -k '[email protected]' Segmentation fault We are not using opsc as the smartcardprovider, although I don't think the problem lies in there. /Patrik Från: Frank Cusack [mailto:[email protected]] Skickat: den 17 oktober 2011 10:29 Till: Martinsson Patrik Kopia: [email protected] Ämne: Re: pkinit and nfs It'd be interesting to know what 'kinit -t' does. On Mon, Oct 17, 2011 at 1:21 AM, Martinsson Patrik <[email protected]<mailto:[email protected]>> wrote: Well yes, however if you add pkinit_identities = PKCS11:path-to-smartcardlib to the [libdefaults] section of your krb5.conf, the rpc.gssd will segfault. In my world that means that rpc.gssd reads the pkinit-option in some way, but I'm not sure. Best regards, Patrik Martinsson, Sweden. Från: Frank Cusack [mailto:[email protected]<mailto:[email protected]>] Skickat: den 14 oktober 2011 20:04 Till: Martinsson Patrik Kopia: [email protected]<mailto:[email protected]> Ämne: Re: pkinit and nfs On Fri, Oct 14, 2011 at 1:56 AM, Martinsson Patrik <[email protected]<mailto:[email protected]>> wrote: How do I setup krb5.conf to get nfs not use pkinit, whilst when for example doing a regular "kinit" pkinit should be used. "nfs", i.e. rpc.gssd, does not use pkinit ever. It uses only a keytab. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
