gss error - Decrypt integrity check failed

Rick mail at
Mon Sep 9 18:42:27 EDT 2002

I keep getting the error

GSS-API error accepting context: Decrypt integrity check failed

Here's my setup.

*Host1 is WinNT, gss-server and gss-client (same machine for testing only)
Installed Kerberos for Windows 2.1.1
   ticket_lifetime = 600
   default_realm = ABC.COM
   default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
   default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
   default_keytab_name = FILE:\krb5.keytab

*Host2 is Intel Solaris 7 KDC
master_key_type    = des3-hmac-sha1
supported_enctypes = des-cbc-crc:normal des3-hmac-sha1:normal

On the kdc (host2)

# addprinc -kvno 2 -pw password rcmd/
principal "rcmd/" created.

#ktadd -k /usr/var/krb5kdc/kadm5.keytab rcmd/
entry for principal "rcmd/" with kvno 4, encryption
type DES cbc mode with CRC-32 added to keytab
entry for principal "rcmd/" with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab

On a third solaris intel box I created a keytab and ftp it to my windows
gss-server/gss-client (host1):
# addent -password -p rcmd/ -k 4 -e des

Note: I've tried using keytabs with -e 'des-cbc-crc' and 'des3-hmac-sha1'.

Thanks in advance

More information about the Kerberos mailing list