Hi Andreas,
oh, huge log ;-)
Andreas Backman wrote:
[08:59:49] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Responding with Authentication Service (AS) reply:
messageType: AS_REP
protocolVersionNumber: 5
nonce: 790659966
clientPrincipal: [email protected]
client realm: KPLATSEN.LOCAL
serverPrincipal: krbtgt/[email protected]
server realm: KPLATSEN.LOCAL
auth time: 20100203075949Z
start time: null
end time: 20100204075942Z
renew-till time: null
hostAddresses: null
here you got the TGT...
[09:00:26] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] -
Responding with Ticket-Granting Service (TGS) reply:
messageType: TGS_REP
protocolVersionNumber: 5
nonce: 1265184026
clientPrincipal: [email protected]
client realm: KPLATSEN.LOCAL
serverPrincipal: host/[email protected]
here you got the service ticket...
[09:00:46] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Integrity check on decrypted field failed (31)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
Integrity check on decrypted field failed
...
[09:00:46] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
explanatory text: Integrity check on decrypted field failed
error code: 31
clientPrincipal: null
client time: null
serverPrincipal: krbtgt/[email protected]
server time: 20100203080046Z
I guess there is a problem with your keys. Could you please verify that
your sshd keytab is ok? You could also try to run sshd in debug mode.
BTW: I was able to get a kerberized SSHD running (on localhost) and
updated the guide [1].
Kind Regards,
Stefan
[1]http://cwiki.apache.org/DIRxINTEROP/kerberos-authentication-to-sshd.html
