Decrypt integrity check failed
Christian
cgregoir99 at yahoo.com
Wed Oct 30 04:41:16 EST 2002
"Sam Hartman" <hartmans at mit.edu> wrote in message
news:tsl65vl6nmi.fsf at konishi-polis.mit.edu...
> It seems unlikely that you've got keytab problems if it ever works.
> What call is returning the decrypt integrity check failed? The
> rd_priv call or the rd_req call?
>
> Is it possible that your network code is somehow mangling data it is
> sending some of the time? For example, does your code deal with nulls
> in the output?
>
>
> What this error means is that when some Kerberos message is decrypted,
> the checksum does not agree with the message content. This either
> means the message was modified or the key is wrong. The most common
> cause is a persistent failure of krb5_rd_req caused by keytab keys not
> agreeing with the KDC, but that seems not to be the case here.
>
Thanks for the answer Sam.
I found my mistake in the meantime. I read data in a temporary buffer then
copying it into a krb5_data variable using strncpy which would truncate the
data if any null character would appear in it, which doesn't seem to happen
each time. I should use memcpy.
Pretty obvious right now but I've struggled single it out.
Christian.
More information about the Kerberos
mailing list