cross realm : decrypt integrity check failed
Dave Botsch
botsch at cnf.cornell.edu
Wed Nov 8 14:44:25 EST 2006
MIT on both sides.
So, I know I've got the right password... I can manually kinit
krbtgt/realmB at realmA using the supplied cross-realm password -- that works
So, I can take that same password, copy it to the clipboard so that I know I
don't fat-finger it, paste it in to the cross realm principal on realmB... and
I get that error.
I'm wondering if it's like I said a unicode weirdness (which doesn't make
sense) or if it's somehow using the wrong enctype (even though the enctypes
supposedly match).
and yes... kdestroy/kinit
On Wed, Nov 08, 2006 at 02:39:34PM -0500, Ken Hornstein wrote:
> >> This error is a classic "keys don't match between the two KDCs" problem.
> >>
> >> --Ken
> >
> >and yet, I don't know how many ways I can paste/type in the same password again
> >and again and again.
> >
> >Could it be something w.r.t. unicode/character encoding?
>
> Well ... I dunno. I think you said you're using Heimdal, right? I
> would think that it would work; are you running the same version of
> Kerberos on each KDC? Dumb question time; did you run kinit after
> changing your password to clear out your cached tickets?
>
> You could try a really simple password, like "a" that isn't easy to
> fat-finger.
>
> --Ken
--
********************************
David William Botsch
Programmer/Analyst
CNF Computing
botsch at cnf.cornell.edu
********************************
More information about the Kerberos
mailing list