>Does anyone know the options for MacOS's customized kinit to find >certificates? Unsure if MacOS PKINIT support is functional.
I'll be honest ... we support PKINIT on macOS X, but only by providing our own custom build of MIT Kerberos (we have some relatively minor changes to MIT Kerberos; I believe all of our PKINIT-related changes have been pushed upstream to MIT). The native MacOS X Kerberos implementation is based on Heimdal and PKINIT is persnickety enough that we didn't even consider using it. I am unclear how the Heimdal Kerberos implementation looks for the client certificate and key, but that seems to be where things are going wrong based on the error messages you posted. The source code to most of the Heimdal Kerberos implementation is available on opensource.apple.com so you might have to dig around there to see what it is expecting. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
