Hi,
I have a problem when I define the K5PN (Kerberos Principal Name) in the Subject Alt Name.
I don’t know how to define the K5PN in ASN1 format. I tried putting only “name@REALM” there.
When the certificate was created, I displayed it, but the parameter “X509v3 Subject Alternative Name:” contains only: “othername:”.
I parsed the certificate with “openssl x509 -in CERTIFICATE.pem -noout -text” and in the parameter “X509v3 Subject Alternative Name:” I get “othername:<unsupported>”.
The format is required for the conversion ASN1_STRING_to_UTF8, which is defined in the KRB mapper. This mapper is used for logging in with a smartcard.
pklogin_finder error output:
…
DEBUG:mapper_mgr.c:73: Loading static module for mapper ‘krb’
DEBUG:krb_mapper.c:136: KPN mappper started
DEBUG:mapper_mgr.c:196: Inserting mapper [krb] into list
DEBUG:mapper_mgr.c:73: Loading static module for mapper ‘null’
DEBUG:mapper_mgr.c:196: Inserting mapper [null] into list
DEBUG:pklogin_finder.c:127: Found ‘1’ certificate(s)
DEBUG:pklogin_finder.c:131: verifing the certificate #1
DEBUG:cert_vfy.c:338: Adding hashdir lookup to x509_store
DEBUG:cert_vfy.c:350: Adding hash dir ‘/etc/pam_pkcs11/cacerts’ to CACERT checks
DEBUG:cert_vfy.c:436: certificate is valid
DEBUG:cert_vfy.c:207: crl policy: 0
DEBUG:cert_vfy.c:210: no revocation-check performed
DEBUG:cert_vfy.c:450: certificate has not been revoked
DEBUG:pklogin_finder.c:145: Trying to deduce login from certificate
DEBUG:cert_info.c:416: Trying to find a Kerberos Principal Name in certificate
DEBUG:cert_info.c:441: Found Kerberos Principal Name
DEBUG:cert_info.c:443: ASN1_STRING_to_UTF8() failed: error:00000000:lib(0):func(0):reason(0)
DEBUG:cert_info.c:454: Certificate does not contain a KPN entry
DEBUG:krb_mapper.c:70: get_krb_principalname() failed
…
Please, can somebody help me with how to define the Subject Alt Name in YaST?
Thanks Honzik