[19522] in Kerberos
Decrypt integrity check failed
daemon@ATHENA.MIT.EDU (Muhammed Reahan)
Mon Jul 7 23:39:22 2003
Message-ID: <20030708033815.35159.qmail@web40511.mail.yahoo.com>
Date: Mon, 7 Jul 2003 20:38:15 -0700 (PDT)
From: Muhammed Reahan <reahan2001@yahoo.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: kerberos-bounces@mit.edu
Decrypt integrity check failed
First of all I created a principal name test. It is successfully created
i entered the password for it two times.
at this time the following attributes of test principal has the database
kadmin.local: getprinc test
Principal: test@VISION.PAF
Expiration date: [never]
Last password change: Mon Jul 07 17:01:30 Gmt 2003
Password expiration date: [none]
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Last modified: Mon Jul 07 17:01:30 Gmt 2003 (root/admin@VISION.PAF)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
Then i added the entry for the principal in the keytab file as
kadmin.local: ktadd test
Entry for principal test with kvno 2, encryption type DES-CBC-CRC added to keytab
WRFILE:/etc/krb5/krb5.keytab.
Then the attribute of test principal in the database are as follows
kadmin.local: getprinc test
Principal: test@VISION.PAF
Expiration date: [never]
Last password change: Mon Jul 07 17:04:24 Gmt 2003
Password expiration date: [none]
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Last modified: Mon Jul 07 17:04:24 Gmt 2003 (root/admin@VISION.PAF)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 2, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
The enteries in the keytab file shows as follows
klist -k
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 host/mrt-mccgui.vision.paf@VISION.PAF
7 root/mrt-mccgui.vision.paf@VISION.PAF
2 test@VISION.PAF
Now i want to get the ticket of principal test with kinit command.
kinit test
Password for test@VISION.PAF:
kinit: Password incorrect
i entered the password correctly which i entered the first time.But automatically password is
changed. i have tried this with two or three principals.
Now if i change the password using kadmin then kVNO is changed and becomes 3
But in the keytable file krb5.keytab its version number is 2 now in the database KVNO is 3 so here is missmatch of keys number.
If i repeat the step once again and add entery once again in the key tab file
then the keyVNO became same at both places that is 4.
Now if i want to get the credential for the principal test then the again error message comes that your password is in correct.so this goes same like a loop.
Another solution is that if i change the KVNO using gkadmin programe
the KVNO is successfully changed.
Then my programe gives me the following error message while accepting security context
GSS-API error accepting context: Unspecified GSS failure. Minor code may provide more information
GSS-API error accepting context: Decrypt integrity check failed
please help me in this regard
Thanks in advance
By Reahan Bahria University (BIMCS) ISlamabad
---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
