[38689] in Kerberos
Re: Failed to verify CMS message: bad signature
daemon@ATHENA.MIT.EDU (Todd Grayson)
Wed Feb 26 09:52:40 2020
MIME-Version: 1.0
In-Reply-To: <1582727186.27485.13.camel@poczta.srv.pl>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Wed, 26 Feb 2020 07:51:59 -0700
Message-ID: <CALNT6MUEyhS6oJuJiAbQsNMdiLs+9c9vjq2WBqLt1Zbqo8ZX9g@mail.gmail.com>
To: jarek <jarek@poczta.srv.pl>
Cc: "kerberos@MIT.EDU" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
The discussions I've seen where this is done successfully use tar to grab
all the files (do an ls -la in the kdc path to see what you missed) along
with the krb5.conf. I believe you are missing important file(s) based on
what you listed.
On Wed, Feb 26, 2020, 7:31 AM jarek <jarek@poczta.srv.pl> wrote:
> Hello!
>
> I've tried to migrate KDC (Debian 7) to new hardware with
> Debian 9.
> We are using KDC with pkinit and smartcards.
> After fresh installation, I have copied /etc/krb5.conf,
> /etc/krb5.keytab, /etc/krb5kdc and /var/lib/krb5kdc.
> All certificates are in /etc/krb5kdc.
> The new machine has the same name as old, only IP is different.
> kadmin lists all pricinpals, kdc and admin server are working.
>
> kinit from remote machine fails, on KDC in authlog we have
> message:
>
> PREAUTH_FAILED: Failed to verify CMS message: bad signature
>
> What can be wrong ?
>
> Best regards
> Jarek
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
