On 05/21/2013 03:19 AM, sasikumar bodathula wrote:
> 1. AS_REQ goes from client to KDC, where KDC replies with
> KRB2KDB_ERR_PREAUTH_REQUIRED
> 2. The next request AS_REQ from client to KDC goes with padata as
> PA-ENC-TIMESTAMP (Not PA-DASS with certificate value as expected)

Wireshark has the wrong name for padata type 16; it should be
PA-PK-AS_REQ. But that isn't your problem.

> Please guide me if I am missing something in the API usage?

I'm not sure what is wrong. If you are using a sufficiently recent
version of MIT krb5, you can get some additional information from the
library by setting the KRB5_TRACE environment variable to point to a
file, running your program, and then examining the file. You can get
even more information by rebuilding the PKINIT sources with -DDEBUG, but
that takes a lot more work.
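Added example (not part of the original message, and not MIT krb5 code): one way to examine a KRB5_TRACE file for the symptom in this thread, by comparing the preauth types the KDC offered with those the client produced. It assumes the trace contains lines worded "Processing preauth types:" and "Produced preauth for next request:", which may vary between krb5 versions; the sample trace, function names and dictionary keys are constructed for illustration.

```python
import re

# Preauth type numbers relevant to this thread (RFC 4120 / RFC 4556).
PA_NAMES = {2: "PA-ENC-TIMESTAMP", 16: "PA-PK-AS-REQ", 19: "PA-ETYPE-INFO2"}
PKINIT = 16

# Constructed sample modelled on KRB5_TRACE output; not a real capture.
SAMPLE_TRACE = """\
[4242] 1369120000.100001: Sending request (180 bytes) to EXAMPLE.COM
[4242] 1369120000.100002: Received error from KDC: -1765328359/Additional pre-authentication required
[4242] 1369120000.100003: Processing preauth types: 16, 15, 19, 2
[4242] 1369120000.100004: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[4242] 1369120000.100005: Produced preauth for next request: 2
"""

def parse_patypes(text):
    """Parse '16, 19, 2' or 'PA-PK-AS-REQ (16), ...' into a list of ints."""
    out = []
    for item in text.split(","):
        nums = re.findall(r"\d+", item)
        if nums:
            out.append(int(nums[-1]))  # last number is the type, even in 'INFO2 (19)'
    return out

def summarize(trace):
    """Return offered/produced preauth types and per-module results."""
    offered, produced, modules = [], [], []
    for line in trace.splitlines():
        if m := re.search(r"Processing preauth types: (.*)", line):
            offered = parse_patypes(m.group(1))      # keep the latest KDC hint list
        elif m := re.search(r"Produced preauth for next request: (.*)", line):
            produced = parse_patypes(m.group(1))
        elif m := re.search(
                r"Preauth module (\S+) \((\d+)\)(?: \(\w+\))? returned: (.*)", line):
            modules.append((m.group(1), int(m.group(2)), m.group(3)))
    return {
        "offered": offered,
        "produced": produced,
        "modules": modules,
        # True when the KDC offered PKINIT but the client sent something else.
        "pkinit_skipped": PKINIT in offered and PKINIT not in produced,
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_TRACE)
    print("offered :", [PA_NAMES.get(t, t) for t in s["offered"]])
    print("produced:", [PA_NAMES.get(t, t) for t in s["produced"]])
    print("PKINIT offered but not used:", s["pkinit_skipped"])
```

If the PKINIT module never appears among the module results, the trace lines before "Produced preauth" are the place to look for why it was not attempted.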
