Hi,

I am trying to test multiple users with certificates (pkinit). The following steps were followed:

1. In the KDC, created 2 users, testuser and testuser2, and enabled +requires_preauth with modprinc.
2. Created a CA certificate and a KDC certificate.

   krb5.conf in the KDC contains:

       pkinit_identity = FILE:/etc/krb5kdc/kdc.pem,/etc/krb5kdc/kdckey.pem
       pkinit_anchors = FILE:/etc/krb5kdc/cacert.pem

3. Created a certificate for testuser with the CA created in step 2.
4. Created a certificate for testuser2 with the CA created in step 2.

krb5.conf on the client machine:

    pkinit_pool = DIR:/etc/certificates/usercerts/
    pkinit_anchors = DIR:/etc/certificates/usercerts/

Kinit command for testuser:

    kinit -V -X X509_user_pool=DIR:/etc/certificates/usercerts/ -X X509_anchors=DIR:/etc/certificates/usercerts/ -X flag_RSA_PROTOCOL=yes testuser

Kinit command for testuser2:

    kinit -V -X X509_user_pool=DIR:/etc/certificates/usercerts/ -X X509_anchors=DIR:/etc/certificates/usercerts/ -X flag_RSA_PROTOCOL=yes testuser2

In both cases kinit prompts for a password.

NOTE:
1. If a certificate is specified instead of a directory, it works fine and does not prompt for a password.
2. Both the testuser and testuser2 certificates, along with the CA, are placed in the same location, "/etc/certificates/usercerts/".

Please guide me if I am missing something important in this procedure.

Best Regards,
B.Sasikumar.
