Problems with kerberized telnetd and telnet (fwd)
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Jan 14 15:05:01 EST 2003
>Valid starting Expires Service principal
>01/14/03 09:48:11 01/14/03 19:47:32 krbtgt/ebiz.austin.ibm.com at ebiz.austin.ibm.co
>m
> Flags: FIA
FWIW, "A" means that TKT_FLG_PRE_AUTH flag was set (you performed
preauthentication successfully).
>[ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Decrypt integrity check failed ]
This means, essentially, "Password incorrect", and that means that the
password (key) in your keytab doesn't match the one stored in your KDC
for this principal. You'll have to get them in sync somehow (I don't
really know that much about DCE to help you).
I had better caution you now: because service tickets are cached by the
client, you should "kinit" every time you think you've changed the
service key so that you always get a fresh copy of the ticket from
the KDC.
--Ken
More information about the Kerberos
mailing list