Well, probably I missed something...
I see  very weird thing: when my system-auth pam config *contains* pm_krb5
module before pam_ldap, use can login. When there is just pam_ldap, user
cannot login.
In assumption that we're able to use LDAP authentication, but some wrong
with Kerberos, situation should be opposite, IMHO.

Password is right. BTW, is there any way  (increase debug level?) to get
more meaningful message?




On Wed, Jun 26, 2013 at 12:39 PM, Sumit Bose <sb...@redhat.com> wrote:

> On Wed, Jun 26, 2013 at 12:28:57PM +0300, Vitaly wrote:
> > How I should debug & fix "Decrypt integrity check failed"  problem?
>
> This typically means wrong password.
>
> HTH
>
> bye,
> Sumit
> >
> > TIA,
> > Vitaly
> >
> >
> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12
> > etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21:
> NEEDED_PREAUTH:
> > usern...@prod.example.com for krbtgt/prod.example....@prod.example.com,
> > Additional pre-authentication required
> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): preauth
> > (timestamp) verify failure: Decrypt integrity check failed
> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): AS_REQ (12
> > etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21:
> PREAUTH_FAILED:
> > usern...@prod.example.com for krbtgt/prod.example....@prod.example.com,
> > Decrypt integrity check failed
>
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to