Hello! I've tried to migrate KDC (Debian 7) to new hardware with Debian 9. We are using KDC with pkinit and smartcards. After fresh installation, I have copied /etc/krb5.conf, /etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc. All certificates are in /etc/krb5kdc. The new machine has the same name as old, only IP is different. kadmin lists all pricinpals, kdc and admin server are working. kinit from remote machine fails, on KDC in authlog we have message:
PREAUTH_FAILED: Failed to verify CMS message: bad signature What can be wrong ? Best regards Jarek ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos