Hi Greg, Yup - Running "1.10+dfsg~beta1" - the default on my Ubuntu systems.
In retrospect I should have not just followed the pkinit setup instructions blindly, running openssl commands without giving them some thought. Without specifying days it will default to 30 days, and combined with the lack of good error reporting... Whew, panic time! Appear to be all good now. Cheers, - James James Croall | Senior Product Manager Coverity | 185 Berry Street | Suite 6500, Lobby 3 | San Francisco, CA 94107 Office: 415.694.5354 | Mobile: 202.246.6613 | jcro...@coverity.com The Leader in Development Testing On 10/11/13 9:43 PM, "Greg Hudson" <ghud...@mit.edu> wrote: >On 10/11/2013 11:54 PM, James Croall wrote: >> AHA! I must have accidentally set the certificate to expire in a month >> rather than a year. Approximate times line up. Reasonable user error. >>Very >> poor error reporting though! > >I believe I improved the error reporting for this case in 1.11: > > >https://github.com/krb5/krb5/commit/6d19259c7eb9277c12a7f2eec9aa80563b4c5a >cc > >Can you confirm that you are running 1.10 or earlier? > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos