[Samba] PKinit does not seem to be correctly setup - password requested and no pkinit(?)

Rowland Penny rpenny at samba.org
Thu Aug 10 11:21:12 UTC 2023

On Mon, 7 Aug 2023 15:05:03 +0200
Olivier MARTIN via samba <samba at lists.samba.org> wrote:

> Actually, I realised after I forgot to add debug output from kinit.
> Here are the log for kinit: $ KRB5_TRACE=/dev/stdout kinit -V 
> userresttest -X 
> "X509_user_identity=FILE:/tmp/vm-test-server-pki/certs/userresttest.crt,/tmp/vm-test-server-pki/certs/private/userresttest.key"
> Using default cache: /tmp/krb5cc_1000
> Using principal: userresttest at SAMDOM.VM-TEST-SERVER
> [33961] 1691148868.491458: Error loading plugin module pkinit:
> 2/unable to load plugin 
> [/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/pkinit.so]: 
> /usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/pkinit.so: cannot open 
> shared object file: No such file or directory

I am not an expert here by any means, but doesn't the above mean that
pkinit isn't working, possibly because the required plugin isn't
installed ?

Try installing krb5-pkinit


More information about the samba mailing list