[37907] in Kerberos
Kerberos failed with krb5krb_AP_ERR_ BAD_INTEGRITY
daemon@ATHENA.MIT.EDU (Ashish)
Tue Mar 21 03:21:37 2017
From: Ashish <vermaashish_mca@hotmail.com>
To: "Kerberos@mit.edu" <Kerberos@mit.edu>
Date: Tue, 21 Mar 2017 07:21:17 +0000
Message-ID: <PN1PR01MB0157A6BE525A62E6745753209A3D0@PN1PR01MB0157.INDPRD01.PROD.OUTLOOK.COM>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi All ,
This is my setup .
windows 8.1 64 bit
windows 2012 R2 server AD and KDC .
BS2000 with MIT kerberos 1.13.2
I generate keytab for SPN using this command :
ktpass -princ host/<Host name>@domain name -mapuser <domain name\domain user pass> pass <password> -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\KeyTab\HMAC7U6.keytab
I am trying to decrypt AP_REQ using this keytab.
I looked at kvno, encryption type and everything else matches.
while configuring the DES-CBC-CRC and DES-CBC-MD5 it works fine and Kerberos connection established.
Why would this fail while decrypting the packet in krb5_c_decrypt -> krb5_k_decrypt -> krb5int_arcfour_decrypt
returning KRB5KRB_AP_ERR_BAD_INTEGRITY?
I have tried debugging it abut I don’t find a reason why it is failing.
Any help would be appreciated !!!
Thanks & Regards
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
