Forgot to mention the following in the previous e-mail. Some more info:

Tried kinit with X509_user_pool (does this exist, since kinit did not complain?) and X509_user_identity options with DIR: (is this supported, or does each user-specific file need to be mentioned in the kinit command with FILE: options?)
Best Regards,
B.Sasikumar.

From: "sasikumar bodathula" <[email protected]>
Sent: Wed, 29 May 2013 11:24:04
To: "[email protected]" <[email protected]>
Subject: pkinit for multiple user support

Hi,

I am trying to test multiple users with certificates (pkinit). The following are the steps that were followed:

1. In the KDC, created 2 users, testuser and testuser2, and enabled +requires_preauth with modprinc.
2. Created CA certificate and KDC certificate. krb5.conf in the KDC contains:

   pkinit_identity = FILE:/etc/krb5kdc/kdc.pem,/etc/krb5kdc/kdckey.pem
   pkinit_anchors = FILE:/etc/krb5kdc/cacert.pem

3. Created certificate for testuser with the CA created in step 2.
4. Created certificate for testuser2 with the CA created in step 2.

krb5.conf in the client machine:

   pkinit_pool = DIR:/etc/certificates/usercerts/
   pkinit_anchors = DIR:/etc/certificates/usercerts/

kinit command for testuser:

   kinit -V -X X509_user_pool=DIR:/etc/certificates/usercerts/ -X X509_anchors=DIR:/etc/certificates/usercerts/ -X flag_RSA_PROTOCOL=yes testuser

kinit command for testuser2:

   kinit -V -X X509_user_pool=DIR:/etc/certificates/usercerts/ -X X509_anchors=DIR:/etc/certificates/usercerts/ -X flag_RSA_PROTOCOL=yes testuser2

In both cases kinit prompts for password.

NOTE:
1. If the certificate is specified instead of the directory, it works fine and does not prompt for password.
2. Both testuser and testuser2 certificates, along with the CA, are placed in the same location "/etc/certificates/usercerts/".

Please guide me if I am missing something important in this procedure.

Best Regards,
B.Sasikumar.

________________________________________________
Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
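A sanity check for the DIR: directories discussed in this thread, added here as an example; it is not code from the poster or from MIT krb5. It assumes the layout the MIT krb5 documentation describes: a DIR: used as the client identity (pkinit_identities in krb5.conf, X509_user_identity on the kinit command line) is scanned for NAME.crt files paired with NAME.key, a .crt with no matching .key being skipped, while a DIR: used for pkinit_anchors or pkinit_pool has every file examined for PEM certificates. The directories and PEM bodies below are constructed placeholders, not real certificates.

```python
import os
import re
import tempfile

CERT_PEM = re.compile(r"-----BEGIN CERTIFICATE-----")
KEY_PEM = re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")

def _has_pem(path, pattern):  # True if the file holds a matching PEM header
    try:
        with open(path, "r", errors="replace") as fh:
            return bool(pattern.search(fh.read()))
    except OSError:
        return False

def check_identity_dir(dirname):
    """Audit a DIR: identity directory the way the krb5 docs describe the scan
    (assumption): NAME.crt is used only with a sibling NAME.key. Returns
    (usable_names, unpaired_certs, unpaired_keys)."""
    names = set(os.listdir(dirname))
    usable, unpaired_certs, unpaired_keys = [], [], []
    for name in sorted(names):
        base, ext = os.path.splitext(name)
        crt, key = (os.path.join(dirname, base + e) for e in (".crt", ".key"))
        if ext == ".crt":
            if base + ".key" in names and _has_pem(crt, CERT_PEM) and _has_pem(key, KEY_PEM):
                usable.append(base)
            else:
                unpaired_certs.append(name)
        elif ext == ".key" and base + ".crt" not in names:
            unpaired_keys.append(name)
    return usable, unpaired_certs, unpaired_keys

def check_anchor_dir(dirname):
    """Files in an anchors/pool DIR: that actually contain a PEM certificate."""
    return sorted(n for n in os.listdir(dirname)
                  if _has_pem(os.path.join(dirname, n), CERT_PEM))

def make_constructed_dir(files):
    """Write constructed placeholder files (not real certs or keys) to a temp dir."""
    d = tempfile.mkdtemp(prefix="pkinit-check-")
    for name, body in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
    return d

CERT_BODY = "-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n"
KEY_BODY = "-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n"
# FLAT mirrors the thread (all .pem in one dir); PAIRED uses NAME.crt/NAME.key, testuser2 lacking its key.
FLAT = {"testuser.pem": CERT_BODY + KEY_BODY, "testuser2.pem": CERT_BODY + KEY_BODY, "cacert.pem": CERT_BODY}
PAIRED = {"testuser.crt": CERT_BODY, "testuser.key": KEY_BODY, "testuser2.crt": CERT_BODY, "cacert.pem": CERT_BODY}
```

Running both checks against a real directory such as the thread's /etc/certificates/usercerts/ shows at a glance whether a DIR: handed to the client as its identity contains any usable certificate/key pair, and which files only qualify as anchors.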
