Hello!
I've tried to migrate KDC (Debian 7) to new hardware with
Debian 9.
We are using KDC with pkinit and smartcards.
After fresh installation, I have copied /etc/krb5.conf,
/etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc.
All certificates are in /etc/krb5kdc.
The new machine has the same name as old, only IP is different.
kadmin lists all pricinpals, kdc and admin server are working.
kinit from remote machine fails, on KDC in authlog we have
message:
PREAUTH_FAILED: Failed to verify CMS message: bad signature
What can be wrong ?
Best regards
Jarek
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
