Reinhard Kugler <[email protected]> writes: > (continued...) - I accidentally sent the message while composing - sorry > > the pkinit authentication with the same certificates works fine with > ubuntu 12.04 as a client. > It seems Windows and Linux use different authentication schemes. > It read in the RFC 4556 about a diffie-hellman and public key - key > transport algorithm > http://tools.ietf.org/html/rfc4556#section-3.2.3.1 > > Have I overlooked something in the Windows configuration; is this a > certificate issue? > Can the choice of the "key transport algorithm" be influenced? > Any other ideas?
I think we've seen this before; sometimes Windows omits the required "q" value in the Diffie-Hellman parameters (even though it can be trivially computed for certain well-known groups). See http://www.rfc-editor.org/errata_search.php?eid=3157 for more details. I don't remember if anyone filed a bug about this, but we would consider implementing a workaround if there is interest. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
