Christian Salzmann <[email protected]> writes:

> We have several Debian lenny PCs authenticating users successfully via
> pam-krb5 against a Windows AD server. The PCs are members of a MIT
> kerberos realm in cross-realm trust to the AD realm allowing
> single-sign-on access to several kerberized services (apache, svn, ssh).

> In squeeze, krb5 authentication fails with "pam_krb5): salzmann:
> credential verification failed: Decrypt integrity check failed".
> krb5.conf and krb5.keytab are identical wrt lenny installation;
> "allow_weak_crypto" is enabled.

"credential verification failed" means that pam-krb5 was unable to verify
the ticket was correct by obtaining service tickets for the local system
and decrypting them with the key in krb5.keytab. Could you try the
following commands and see what they return?

    % klist -ke /etc/krb5.keytab
    % kinit -k -t /etc/krb5.keytab <principal>

where <principal> is the principal that's stored in that keytab.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>

