gss error - Decrypt integrity check failed
Rick
mail at url.worldwidedns.net
Mon Sep 9 18:42:27 EDT 2002
I keep getting the error
GSS-API error accepting context: Decrypt integrity check failed
Here's my setup.
*Host1 is WinNT, gss-server and gss-client (same machine for testing only)
Installed Kerberos for Windows 2.1.1
c:\winnt\krb5.ini
[libdefaults]
ticket_lifetime = 600
default_realm = ABC.COM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_keytab_name = FILE:\krb5.keytab
*Host2 is Intel Solaris 7 KDC
kdc.conf
master_key_type = des3-hmac-sha1
supported_enctypes = des-cbc-crc:normal des3-hmac-sha1:normal
On the kdc (host2)
# addprinc -kvno 2 -pw password rcmd/host.abc.com
principal "rcmd/host.abc.com" created.
#ktadd -k /usr/var/krb5kdc/kadm5.keytab rcmd/host.abc.com
entry for principal "rcmd/host.abc.com" with kvno 4, encryption
type DES cbc mode with CRC-32 added to keytab
WRFILE:/usr/var/krb5kdc/kadm5.keytab
entry for principal "rcmd/host.abc.com" with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/usr/var/krb5kdc/kadm5.keytab
On a third solaris intel box I created a keytab and ftp it to my windows
gss-server/gss-client (host1):
# addent -password -p rcmd/host.abc.com -k 4 -e des
Note: I've tried using keytabs with -e 'des-cbc-crc' and 'des3-hmac-sha1'.
Thanks in advance
More information about the Kerberos
mailing list