Here is the content of the krb5.conf file.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
debug = true
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
rdns = false
forwardable = true
allow_weak_crypto = yes
[realms]
EXAMPLE.COM = {
    kdc = 127.0.0.1:60088
    admin_server = 127.0.0.1:60464
    default_domain = EXAMPLE.COM
}
[domain_realm]
.EXAMPLE.COM = EXAMPLE.COM
EXAMPLE.COM = EXAMPLE.COM
-----Original Message-----
From: Emmanuel Lécharny [mailto:[email protected]]
Sent: Friday, April 05, 2013 10:33 PM
To: Apache Directory Developers List
Subject: Re: kinit failed on - Integrity check on decrypted field failed
On 4/6/13 2:23 AM, Wu, James C. wrote:
> Hi,
Hi,
>
> I am trying to set up ApacheDS as a KDC. After adding hnelson using
> the following ldif, I could not get kinit to get the ticket
>
> dn: uid=hnelson,ou=users,dc=example,dc=com
> objectclass: top
> objectclass: person
> objectclass: inetOrgPerson
> objectclass: krb5Principal
> objectclass: krb5KDCEntry
> cn: Horatio Nelson
> sn: Nelson
> uid: hnelson
> userpassword: secret
> krb5PrincipalName: [email protected]
>
>
> The log output of ApacheDS shows the following output:
>
> [cloud-user@n7-z01-0a2a0c3a ~]$ [17:15:57] ERROR
> [org.apache.directory.server.KERBEROS_LOG] - No timestamp found
> [17:15:57] WARN
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Additional pre-authentication required (25)
> [17:15:57] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional
> pre-authentication required (25)
> [17:16:00] WARN
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Integrity check on decrypted field failed (31)
> [17:16:00] WARN [org.apache.directory.server.KERBEROS_LOG] -
> Integrity check on decrypted field failed (31)
>
> Could someone give me some hint?
First, can you give us the version you are using?
Can you also provide the krb5.conf file you are using?
It's very likely that the encryptionType you are using on the client is not
correctly recognized by the server.
--
Regards,
Cordially,
Emmanuel Lécharny
www.iktek.com
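
The encryption-type hint in this thread can be checked against the posted client configuration. The following is an added example, not part of the original messages or of ApacheDS: it parses an excerpt of the posted krb5.conf (including the nested [realms] block) and reports the [libdefaults] settings that decide which encryption types the client requests. The function names are assumptions of this example.

```python
import re

# Excerpt of the krb5.conf posted in this thread, embedded so the example runs offline.
POSTED_CONF = """\
[libdefaults]
default_realm = EXAMPLE.COM
allow_weak_crypto = yes
[realms]
EXAMPLE.COM = {
kdc = 127.0.0.1:60088
}
"""

ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

def parse_krb5_conf(text):
    """Return {section: {key: value-or-nested-dict}} for krb5.conf-style text."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()  # close a nested block such as a realm definition
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value
    return conf

def enctype_findings(conf):
    """List client settings that influence which encryption types are requested."""
    lib = conf.get("libdefaults", {})
    findings = []
    if lib.get("allow_weak_crypto", "false").lower() in TRUE_VALUES:
        findings.append("allow_weak_crypto is enabled: weak encryption types are permitted")
    for key in ENCTYPE_KEYS:
        findings.append(f"{key} = {lib[key]}" if key in lib else f"{key} not set: library defaults apply")
    return findings

if __name__ == "__main__":
    for finding in enctype_findings(parse_krb5_conf(POSTED_CONF)):
        print(finding)
```

The reported list is what to compare against the encryption types the KDC holds keys for when chasing an "Integrity check on decrypted field failed (31)" error.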