I am trying to run pkinit/X.509 with the standard MIT rpms delivered
on CentOS/Fedora/RHEL.
I have created the certificates with OpenSSL, everything looks fine
- I have a client cert such
as/C=FR/L=Gennevilliers/O=Thales/CN=Toto, and the corresponding KDC
cert and CA cert have been checked.
I also modified the principal with kadmin : "modprinc
+requires_preauth toto".
I run kinit for the "toto" principal with KRB5_TRACE set. I can see
that the KDC sends the following to the client :