<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On May 16, 2014, at 3:23 PM, Yoann Gini <<a href="mailto:yoann.gini@gmail.com">yoann.gini@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><blockquote type="cite" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><pre style="margin: 0in 0in 0.0001pt; font-size: 13px; font-family: 'Courier New'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; word-spacing: 0px; -webkit-text-stroke-width: 0px; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">I got the error “kinit: krb5_pk_enterprise_certs: Failed to find PKINIT certificate: Certificate not found”. The smart card I am using for this is the DoD CAC.<o:p></o:p></span></pre></blockquote></div><br></div><div>I’ve got this problem too. I’ve found (via reverse engineering) that the Kerberos framework has some problems in the algo used to validate the certificate on the card. It seems to see it but don’t take it as valid.</div></div></blockquote></div><div><br></div><div>Alexander's cert ought to be OK since it's at least recognized, but I've seen a similar apparent mis-match in processing the KDC reply from a Heimdal KDC. I suspect the problem is a mis-match between Apple's PKI framework and Heimdal.</div><br><div apple-content-edited="true">
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div>Personal email. <a href="mailto:hbhotz@oxy.edu">hbhotz@oxy.edu</a></div><div><br></div></span><br class="Apple-interchange-newline">
</div>
<br></body></html>