Russ Allbery wrote:

>"" writes:
>> = {
>> admin_server =
>> kdc =
>> v4_instance_convert = {
>> gesl =
>> lithium = lithium.lcs.
>> }

>This is almost certainly not what you want. You're confusing the DNS SRV
>records with the names of realms and hosts. The krb5.conf (and kdc.conf)
>should contain simple realm names and hostnames, not the SRV record names.

Hi Russ Allbery

Thank you for your replay. I know this not a good practice,but the
problem, i am facing in the AS_REQ is that, the pa_data field is not
getting filled with the certificates provided from the command line. I
am able to get AS_REP with out certificates . I am using krb5-1.6.3.
It will be a great help if i get a link which gives example for using
PKINIT enabled client configuration for using certificates for

thank you.