I have followed that tutorial to setup my machine without success, that's when I wrote to this list initially.
As for the "Decrypt integrity check failed", I can do a kinit and successfully receive a ticket. Eventually, what's failing could be that the password is being encrypted in the client machine and then not successfully decrypted on the server side, I don't really know.. As for the password itself I am sure it is being typed correctly :) I still don't understand what is this pre-authentication, how it is performed and how/when it is being used or checked. Could you clarify this? Thanks once again, Tiago On Wed, Feb 22, 2012 at 8:44 PM, Mantas M. <[email protected]> wrote: > On Wed, Feb 22, 2012 at 08:41:15PM +0100, Tiago Elvas wrote: > > Thanks for the tip. > > > > I know have the following error: > > > > Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23 > > 16 17}) 172.23.14.210: NEEDED_PREAUTH: [email protected] for > > krbtgt/[email protected], Additional pre-authentication required > > Feb 22 20:39:37 ldapserver krb5kdc[10211](info): preauth (timestamp) > verify > > failure: Decrypt integrity check failed > > Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23 > > 16 17}) 172.23.14.210: PREAUTH_FAILED: [email protected] for > > krbtgt/[email protected], Decrypt integrity check failed > > > > Any clue on what's failing? > > "Decrypt integrity check failed" almost always means "the password given > to `kinit` was incorrect". > > > Another question, how should I configure openDS access control to accept > > GSSAPI with kerberos tickets? > > I believe this is already documented at < > https://www.opends.org/wiki/page/GSSAPIConfiguration>. > > -- > Mantas M. > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
