W dniu 26.02.2020, śro o godzinie 07∶51 -0700, użytkownik Todd Grayson napisał: The discussions I've seen where this is done successfully use tar to grab all the files (do an ls -la in the kdc path to see what you missed) along with the krb5.conf. I believe you are missing important file(s) based on what you listed.
It looks that the problem is related to the version incompatibility: I can login from Debian 9 client (1.15) to Debian 9 KDC (1.15) but can't login from Debian 7 (1.10.1). What is strange, that I can login from Debian 9 to Debian 7 KDC. I suspect openssl CMS incompatibility: https://www.mail-archive.com/ope [email protected]/msg85910.html best regards Jarek On Wed, Feb 26, 2020, 7:31 AM jarek <[email protected]> wrote: Hello! I've tried to migrate KDC (Debian 7) to new hardware with Debian 9. We are using KDC with pkinit and smartcards. After fresh installation, I have copied /etc/krb5.conf, /etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc. All certificates are in /etc/krb5kdc. The new machine has the same name as old, only IP is different. kadmin lists all pricinpals, kdc and admin server are working. kinit from remote machine fails, on KDC in authlog we have message: PREAUTH_FAILED: Failed to verify CMS message: bad signature What can be wrong ? Best regards Jarek ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
