[33324] in Kerberos
Re: krb5_get_init_creds_password: Decrypt integrity check failed
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Apr 11 16:45:47 2011
From: Greg Hudson <ghudson@mit.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <87mxjw1s0k.fsf@windlord.stanford.edu>
Date: Mon, 11 Apr 2011 16:45:39 -0400
Message-ID: <1302554739.10465.610.camel@t410>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, 2011-04-11 at 15:56 -0400, Russ Allbery wrote:
> You've got all the information that pam_krb5 has. It did a password
> authentication, and the key formed from the password didn't decrypt the
> KDC reply. There isn't much else it can tell you.
There is one thing pam_krb5 could do to help debug problems like this,
which is provide an option to turn on krb5 tracing if
krb5_set_trace_filename() is available (MIT krb5 1.9 or later). Since
pam_krb5 creates a secure context, the KRB5_TRACE environment variable
doesn't operate.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
