Did you run kinit on Linux with MIT Kerberos client package installed ? Or you’re running any Java provided kinit command ?
The issue might be related to the issue, http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7067974 This is possible because ApacheDS currently relies on JRE in the encryption support. Similar issues like this had been complained quite much if you’d like google about it. Unfortunately no plain solution is clear to me. One stupid way to work around this would suggest you disable preauth if ApacheDS server allows that via configuration. By the way, we will check compatibility between Kerby with MIT Kerberos/MS AD and keep such issue in mind. With such aspects resolved we would enhance ApacheDS by leveraging Kerby library if the server still desire to embed a KDC server. But this won’t happen so soon so it may not help for you at this time. Regards, Kai From: kumar r [mailto:[email protected]] Sent: Friday, March 06, 2015 7:02 PM To: [email protected]; [email protected] Subject: Kerberos issue - reg Hi, I have installed ApacheDS 2.0.0-M19, i could successfully create users, groups using ldap. When i enable kerberos, it couldn't authenticate from apache studio or kinit command. When trying to get ticket using kinit command, i am getting "Integrity check on decrypted field failed" exception. When i use invalid principal, it shows "client not found". It seems that it could contact KDC server in apacheds but it might be encryption problem. Checked these in windows 8 OS. Referred many links but unable to find the solution. Found two jira task link related to this problem https://issues.apache.org/jira/browse/DIRSERVER-1821 https://issues.apache.org/jira/browse/DIRSTUDIO-992 I have created krbtgt and ldap service referred in https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html. Can you please tell me how to solve this problem? Thanks, R.Kumar
