Hi there
I am trying to run pkinit/X.509 with the standard MIT rpms delivered on
CentOS/Fedora/RHEL.
I have created the certificates with OpenSSL, everything looks fine - I
have a client cert such as /C=FR/L=Gennevilliers/O=Thales/CN=Toto, and
the corresponding KDC cert and CA cert have been checked.
I also modified the principal with kadmin: "modprinc +requires_preauth
toto".
I run kinit for the "toto" principal with KRB5_TRACE set. I can see that
the KDC sends the following to the client:
[6832] 1446241709.215007: Processing preauth types: 136, 19, 2, 133
PA-PK-AS-REQ (16), which I understand is for X.509 certificate
preauthentication, is not in the list.
I guess something is therefore wrong with my KDC configuration, but I
cannot see what.
Can someone enlighten me?
Thanks in advance
--
Pascal Jakobi <mailto:pascal.jakobi@gmail.com>
116 rue de Stalingrad, 93100 Montreuil
France
Tel : +33 6 87 47 58 19
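
A check for the symptom described in the message above, as an added example that is not part of the original post: it reads KRB5_TRACE output and reports whether PA-PK-AS-REQ (16) is among the preauth types the KDC offered. The function names and the second sample line are constructed for illustration, and the "NAME (number)" trace form it also accepts is an assumption about other krb5 versions.

```python
import re

# Pre-authentication type numbers from RFC 4120, RFC 4556 and RFC 6113.
PA_NAMES = {
    2: "PA-ENC-TIMESTAMP",
    16: "PA-PK-AS-REQ",
    19: "PA-ETYPE-INFO2",
    133: "PA-FX-COOKIE",
    136: "PA-FX-FAST",
}
PKINIT = 16

TRACE_RE = re.compile(r"^\[\d+\]\s+\d+\.\d+:\s+Processing preauth types:\s*(.*)$")

def offered_preauth(trace_text):
    """Return one list of padata numbers per 'Processing preauth types' line."""
    rounds = []
    for line in trace_text.splitlines():
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        types = []
        for tok in m.group(1).split(","):
            tok = tok.strip()
            # Assumed alternative form "PA-ETYPE-INFO2 (19)": take the number
            # in parentheses so digits inside the name are not miscounted.
            named = re.search(r"\((\d+)\)\s*$", tok)
            if named:
                types.append(int(named.group(1)))
            elif tok.isdigit():
                types.append(int(tok))
        rounds.append(types)
    return rounds

def report(trace_text):
    """Decode each offered list and flag whether PKINIT was among the types."""
    return [
        {"types": [(t, PA_NAMES.get(t, "unknown")) for t in types],
         "pkinit_offered": PKINIT in types}
        for types in offered_preauth(trace_text)
    ]

# First line is the one quoted in the post; the second is constructed.
SAMPLE = """[6832] 1446241709.215007: Processing preauth types: 136, 19, 2, 133
[7001] 1446241800.000001: Processing preauth types: PA-PK-AS-REQ (16), PA-ETYPE-INFO2 (19)"""

if __name__ == "__main__":
    for entry in report(SAMPLE):
        print(entry)
```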