On 07/01/2013 03:20 AM, sasikumar bodathula wrote:
> preauth (pkinit) verify failure: Inconsistent key purpose
> Inconsistent key purpose
>
> What is the meaning of this error and is there any problem with the
> certificates or KDC or client picking the wrong certificates?
This means the KDC could not verify the extended key usage field of the
client certificate. In the instructions at
http://web.mit.edu/kerberos/krb5-latest/doc/admin/pkinit.html
this field is added by the line "extendedKeyUsage=1.3.6.1.5.2.3.4" in
the extensions file.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
