[19525] in Kerberos
Re: Decrypt integrity check failed
daemon@ATHENA.MIT.EDU (Donn Cave)
Tue Jul 8 13:12:30 2003
From: Donn Cave <donn@u.washington.edu>
Date: Tue, 08 Jul 2003 09:44:12 -0700
Message-ID: <donn-F57EF7.09441208072003@nntp1.u.washington.edu>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
In article <20030708033815.35159.qmail@web40511.mail.yahoo.com>,
reahan2001@yahoo.com (Muhammed Reahan) wrote:
> Decrypt integrity check failed
> First of all I created a principal name test. It is successfully created
> i entered the password for it two times.
...
> Then i added the entry for the principal in the keytab file as
>
> kadmin.local: ktadd test
> Entry for principal test with kvno 2, encryption type DES-CBC-CRC added to
> keytab
> WRFILE:/etc/krb5/krb5.keytab.
...
> Now i want to get the ticket of principal test with kinit command.
>
> kinit test
> Password for test@VISION.PAF:
> kinit: Password incorrect
> i entered the password correctly which i entered the first time.But
> automatically password is
> changed. i have tried this with two or three principals.
Yes, ktadmin invents a pseudo-random key when it adds a keytab
entry, so there is no way to subsequently authenticate with a
password. If you want a keytab entry and a known password, you
have to use ktutil to create it. I think ideally this would very
rarely be necessary.
Donn Cave, donn@u.washington.edu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
