Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-93187

PKINIT: No fallback to client password preauth when principal certificate mismatch [rhel-10]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • krb5
    • None
    • No
    • None
    • rhel-idm-uah
    • ssg_idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      On RHEL 10 and 9, in case the identity of the certificate use for pre-authentication does not match the requested principal, kinit will fail with the following error without falling back to password method:

      kinit: Client name mismatch while getting initial credentials

              jrische@redhat.com Julien Rische
              jrische@redhat.com Julien Rische
              Julien Rische Julien Rische
              Michal Polovka Michal Polovka
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: