← Back to team overview

enterprise-support team mailing list archive

  1. enterprise-support team
  2. Mailing list archive
  3. Message #10759

[Bug 2098484] [NEW] Pkinit fails with invalid argument

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hello,

I am trying to setup a new Linux Citrix VDI on Ubuntu 24.04 with FAS
(https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-
release/configure/authentication/federated-authentication-service). For
this the packages krb5-pkinit and libpam-krb5 are required.
Unfortunately the login process fails with the following error message:

Preauth module pkinit (16) (real) returned: 22/Invalid argument


For the authentication process the following pam module from Citrix is used:

#Linux VDA Federated Authentication#
#%PAM-1.0
#pam auth
auth        sufficient    pam_krb5.so try_pkinit preauth_opt=X509_user_identity=PKCS11:/usr/lib/x86_64-linux-gnu/libctxpkcs11.so
@include    common-auth
#pam account
account     sufficient    pam_krb5.so
@include    common-account
#pam password
password    sufficient    pam_krb5.so
@include    common-password
#pam session
session     optional      pam_krb5.so
@include    common-session

package versions:

krb5-pkinit:amd64 1.20.1-6ubuntu2.4
libpam-krb5:amd64 4.11-1build3

Is it possible, that on of the arguments inside the pam module is not correct? 
The same process (the servers are setup via Ansible) is working on a 22.04 machine, logically with other package versions.


--------------

1) lsb_release -rd:
No LSB modules are available.
Description:	Ubuntu 24.04.2 LTS
Release:	24.04

2) apt-cache policy krb5-pkinit
krb5-pkinit:
  Installed: 1.20.1-6ubuntu2.4
  Candidate: 1.20.1-6ubuntu2.4

Thank you!

Regards,
Manuel

** Affects: krb5 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to krb5 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2098484

Title:
  Pkinit fails with invalid argument

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/2098484/+subscriptions
  Thread PreviousDate PreviousThread Next