Kevin

It took me a while to get back to the issue. Apologies for this.
Essentially, here is what I get when running kinit with "DEBUG" set.

./kinit -X X509_user_identity='/C=FR/O=BioNet/CN=user/' u...@bionet.fr
get_plugin_data_sym(preauthentication_client_1)
init module "Encrypted Challenge", pa_type 138, flag 1
get_plugin_data_sym(service_locator)
get_plugin_data_sym(service_locator)
get_plugin_data_sym(service_locator)
preauth data types before sorting: 2 136 19 13 133
preauth data types after sorting: 2 136 19 13 133
salt len=-1; preauth data types: 2 136 19 13 133
trying modules for pa_type 2, flag 2
trying modules for pa_type 136, flag 2
etype info 0: etype 18 salt len=-1
etype info 1: etype 17 salt len=-1
etype info 2: etype 16 salt len=-1
etype info 3: etype 23 salt len=-1
trying modules for pa_type 19, flag 2
trying modules for pa_type 13, flag 2
calling internal function for pa_type 133, flag 2
trying modules for pa_type 133, flag 2
calling internal function for pa_type 2, flag 1
preauth2.c:708: salt len=-1; *etype=18 request->ktype[0]=18
Password for u...@bionet.fr:
key type 18 bytes a3 27 ...
enc data { type=18 kvno=0 data=fd 91 ... }
get_plugin_data_sym(service_locator)
get_plugin_data_sym(service_locator)
get_plugin_data_sym(service_locator)
preauth data types before sorting: 19
preauth data types after sorting: 19
salt len=-1; preauth data types: 19
etype info 0: etype 18 salt len=-1
trying modules for pa_type 19, flag 2
[root@client bin]#

Attached is a bunch of information that may help.

Thanks again for your help.
P



On 31/03/2011 16:44, Kevin Coffman wrote:

On Thu, Mar 31, 2011 at 7:28 AM, JAKOBI Pascal
<pascal.jak...@thalesgroup.com> wrote:
> Hi there
>
> I need help in order to get PKINIT working on Fedora 14.
> I have a running kerberos server with krb-server, krb-server-ldap and so
> on (1.8.2).
> I also have installed krb5-pkinit-openssl.
>
> The stuff works like a charm when running in "standard" kerberos, i.e.
> w/o pkinit.
>
> Then we tried to set up pkinit according to the instructions found at
> http://k5wiki.kerberos.org. In particular, we checked carefully, our certs.

Perhaps you could list your certificate information here for both the
user and KDC certificates (the output of "openssl x509 -noout -text
-in YOUR.CRT").

> However, the behaviour does not seem correct.
>
> We issue a kinit -X x509_user_identity=<DN found in the client cert>
> <principal> on the client side (another Fedora instance with software
> certs).
> With Wireshark, we see that an AS-REQ is sent to the server. However, it
> does not seem to convey any certificate (pa-data type = 149).
>
> Then the server replies with ERR_PREAUTH_REQUIRED (the principal that is
> used has its preauth option set).  Is this normal ?

This is normal.   If the KDC's pkinit preauth plugin is properly
configured (valid certificate and kdc.conf configuration options), one
of the preauth options it should return is PKINIT.  (14,15,16, or 17)
The client should then send the PKINIT preauth information in its
subsequent request.  If it is accepted by the KDC, there shouldn't be
a password prompt.

> As a result of this, the standard AS_REQ/REP procedure seems to be
> played (as a password is requested on the client side).
>
> The problem is that even when recompiling pkinit with DEBUG set, we
> cannot see anything....

Are you running your KDC in the foreground?  Debug output will go to
stderr or stdout.  Verify that the PKINIT preauth plugin is
successfully loaded and properly initialized.

> Any help (very) greatly appreciated.
>
> Thanks
> Pascal
>
> --
> Pascal Jakobi
> Sr. Architect, Thales
> 1  av. A. Fresnel
> 91767 Palaiseau, France
> Tel. : +33 1 69 41 60 51
> Mob.: + 33 6 87 47 58 19
>
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>




--
Pascal Jakobi
Sr. Architect, Thales
1  av. A. Fresnel
91767 Palaiseau, France
Tel. : +33 1 69 41 60 51
Mob.: + 33 6 87 47 58 19

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b0:b0:7c:59:e5:7a:4b:6e
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, O=BioNet, CN=serveur.bionet.fr
        Validity
            Not Before: Apr  4 13:46:52 2011 GMT
            Not After : May  4 13:46:52 2011 GMT
        Subject: C=FR, O=BioNet, CN=serveur.bionet.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                10:FD:F5:C3:EE:A9:59:08:92:AB:63:FE:A5:93:8F:8B:AE:AD:D4:00
            X509v3 Authority Key Identifier:
                keyid:10:FD:F5:C3:EE:A9:59:08:92:AB:63:FE:A5:93:8F:8B:AE:AD:D4:00

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ec:9b:d5:60:dc:b1:96:f8
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, O=BioNet, CN=serveur.bionet.fr
        Validity
            Not Before: Apr  4 13:52:11 2011 GMT
            Not After : May  4 13:52:11 2011 GMT
        Subject: C=FR, O=BioNet, CN=kdc.bionet.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: 
                1.3.6.1.5.2.3.5
            X509v3 Subject Key Identifier: 
                97:80:12:46:11:01:5A:6C:89:59:26:02:80:AB:9C:03:A0:AF:74:30
            X509v3 Authority Key Identifier:
                keyid:10:FD:F5:C3:EE:A9:59:08:92:AB:63:FE:A5:93:8F:8B:AE:AD:D4:00

            X509v3 Issuer Alternative Name: 
                <EMPTY>

            X509v3 Subject Alternative Name: 
                othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 kdc = SYSLOG:DEBUG:DAEMON
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = BIONET.FR
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 BIONET.FR = {
        kdc = serveur.bionet.fr
        admin_server = serveur.bionet.fr
        pkinit_anchors = FILE:/etc/pki/krb/ca.crt
        pkinit_identities = FILE:/etc/pki/krb/user.crt,/etc/pki/krb/user.key
 }

[domain_realm]
 .bionet.fr = BIONET.FR
 bionet.fr = BIONET.FR

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = BIONET.FR
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 BIONET.FR = {
  kdc = serveur.bionet.fr
  admin_server = serveur.bionet.fr
  pkinit_identity = FILE:/etc/pki/krb/kdc.crt,/etc/pki/kdc/kdc.key
  pkinit_anchors = FILE:/etc/pki/ca.crt
 }

[domain_realm]
 .bionet.fr = BIONET.FR
 bionet.fr = BIONET.FR

Apr 04 17:01:43 serveur.bionet.fr krb5kdc[2590](debug): checking padata
Apr 04 17:01:43 serveur.bionet.fr krb5kdc[2590](debug): .. pa_type 0x95
Apr 04 17:01:43 serveur.bionet.fr krb5kdc[2590](debug): client needs preauth, no hw preauth; request has no preauth, no hw preauth
Apr 04 17:01:43 serveur.bionet.fr krb5kdc[2590](info): AS_REQ (4 etypes {18 17 16 23}) 10.222.144.42: NEEDED_PREAUTH: u...@bionet.fr for krbtgt/bionet...@bionet.fr, Additional pre-authentication required
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): checking padata
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): .. pa_type 0x85
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): .. pa_type 0x2
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): .. pa_type timestamp
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): .. .. ok
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): .. pa_type 0x95
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): client needs preauth, no hw preauth; request has preauth, no hw preauth
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): original preauth mechanism list:
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... etype-info(11)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... etype-info2(19)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... pw-salt(3)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... sam-response(13)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... Encrypted challenge(138)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): sorted preauth mechanism list:
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... etype-info(11)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... etype-info2(19)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... pw-salt(3)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... sam-response(13)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... Encrypted challenge(138)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](info): AS_REQ (4 etypes {18 17 16 23}) 10.222.144.42: ISSUE: authtime 1301929311, etypes {rep=18 tkt=18 ses=18}, u...@bionet.fr for krbtgt/bionet...@bionet.fr

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ec:9b:d5:60:dc:b1:96:fa
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, O=BioNet, CN=serveur.bionet.fr
        Validity
            Not Before: Apr  4 14:21:38 2011 GMT
            Not After : May  4 14:21:38 2011 GMT
        Subject: C=FR, O=BioNet, CN=user
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: 
                1.3.6.1.5.2.3.4
            X509v3 Subject Key Identifier: 
                FD:32:1E:19:4E:53:20:1A:45:DA:7A:5A:BA:44:A6:39:50:5D:CE:CC
            X509v3 Authority Key Identifier:
                keyid:10:FD:F5:C3:EE:A9:59:08:92:AB:63:FE:A5:93:8F:8B:AE:AD:D4:00

            X509v3 Subject Alternative Name: 
                othername:<unsupported>
            X509v3 Issuer Alternative Name: 
                <EMPTY>

    Signature Algorithm: sha1WithRSAEncryption
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
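
Added example (not part of the original message and not MIT krb5 code): a small Python check built on the reply's point that a properly configured KDC should return one of the PKINIT pa-types (14, 15, 16 or 17). It reads kinit debug output and KDC debug log lines in the format shown in the message; the function names and the result strings are assumptions made for illustration.

```python
import re

# PKINIT pa-types as listed in the reply quoted above (14, 15, 16 or 17).
PKINIT_PA_TYPES = {14, 15, 16, 17}

# kinit debug line: "preauth data types before sorting: 2 136 19 13 133"
CLIENT_OFFER = re.compile(r"^preauth data types before sorting:\s*([\d ]+)$")
# KDC debug line: "... krb5kdc[2590](debug): ... etype-info2(19)"
KDC_MECH = re.compile(r"\(debug\): \.\.\. .+\((\d+)\)$")

# Excerpts copied from the output in the message above (wrapped lines joined).
SAMPLE_KINIT = """\
preauth data types before sorting: 2 136 19 13 133
preauth data types after sorting: 2 136 19 13 133
preauth data types before sorting: 19
"""
SAMPLE_KDC = """\
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): .. pa_type 0x95
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): sorted preauth mechanism list:
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... etype-info(11)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... etype-info2(19)
Apr 04 17:01:51 serveur.bionet.fr krb5kdc[2590](debug): ... Encrypted challenge(138)
"""


def client_offers(kinit_debug):
    """Return one set of pa-types per KDC reply the client processed."""
    offers = []
    for line in kinit_debug.splitlines():
        m = CLIENT_OFFER.match(line.strip())
        if m:
            offers.append({int(n) for n in m.group(1).split()})
    return offers


def kdc_mechanisms(kdc_log):
    """Return the pa-types named in the KDC's preauth mechanism list lines."""
    found = set()
    for line in kdc_log.splitlines():
        m = KDC_MECH.search(line.strip())
        if m:
            found.add(int(m.group(1)))
    return found


def diagnose(kinit_debug, kdc_log):
    """Decide which side to inspect, using only the advertised pa-types."""
    offers = client_offers(kinit_debug)
    if not offers:
        return "no preauth offer found in the client debug output"
    seen = set().union(*offers) | kdc_mechanisms(kdc_log)
    if seen & PKINIT_PA_TYPES:
        return "KDC offers PKINIT: the client should send PKINIT padata next"
    return "KDC never offered PKINIT: verify the KDC plugin loaded and kdc.conf"


if __name__ == "__main__":
    print(diagnose(SAMPLE_KINIT, SAMPLE_KDC))
```
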
