Russ Allbery wrote:

>"naveen.bn" writes:
>
>
>
>>[realms]
>> _kerberos._udp.globaledgesoft.com = {
>> admin_server = 172.16.8.141
>> kdc = 172.16.8.141
>> v4_instance_convert = {
>> gesl = _kerberos._udp.globaledgesoft.com
>> lithium = lithium.lcs. _kerberos._udp.globaledgesoft.com
>> }
>>
>>

>
>This is almost certainly not what you want. You're confusing the DNS SRV
>records with the names of realms and hosts. The krb5.conf (and kdc.conf)
>should contain simple realm names and hostnames, not the SRV record names.
>
>
>

Hi Russ Allbery

Thank you for your replay. I know this not a good practice,but the
problem, i am facing in the AS_REQ is that, the pa_data field is not
getting filled with the certificates provided from the command line. I
am able to get AS_REP with out certificates . I am using krb5-1.6.3.
It will be a great help if i get a link which gives example for using
PKINIT enabled client configuration for using certificates for
authentication.

thank you.