[Samba] PKinit does not seem to be correctly setup - password requested and no pkinit(?)
Olivier MARTIN
olivier at labapart.com
Thu Aug 10 22:26:17 UTC 2023
Thanks a lot Rowload, I missed this important log messages. Effectively,
installing 'krb5-pkinit', helped me going further!
On 10.08.23 13:21, Rowland Penny via samba wrote:
> On Mon, 7 Aug 2023 15:05:03 +0200
> Olivier MARTIN via samba <samba at lists.samba.org> wrote:
>
>> Actually, I realised after I forgot to add debug output from kinit.
>>
>>
>> Here are the log for kinit: $ KRB5_TRACE=/dev/stdout kinit -V
>> userresttest -X
>> "X509_user_identity=FILE:/tmp/vm-test-server-pki/certs/userresttest.crt,/tmp/vm-test-server-pki/certs/private/userresttest.key"
>> Using default cache: /tmp/krb5cc_1000
>> Using principal: userresttest at SAMDOM.VM-TEST-SERVER
>> [33961] 1691148868.491458: Error loading plugin module pkinit:
>> 2/unable to load plugin
>> [/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/pkinit.so]:
>> /usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/pkinit.so: cannot open
>> shared object file: No such file or directory
>>
> I am not an expert here by any means, but doesn't the above mean that
> pkinit isn't working, possibly because the required plugin isn't
> installed ?
>
> Try installing krb5-pkinit
>
> Rowland
>
More information about the samba
mailing list