Decrypt integrity check failed

Muhammed Reahan reahan2001 at yahoo.com
Mon Jul 7 23:38:15 EDT 2003 

Decrypt integrity check failed
First of all I created a principal name test. It is successfully created
i entered the password  for it two times.
at this time the following attributes of test principal has the database

kadmin.local:  getprinc test
Principal: test at VISION.PAF
Expiration date: [never]
Last password change: Mon Jul 07 17:01:30 Gmt 2003
Password expiration date: [none]
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Last modified: Mon Jul 07 17:01:30 Gmt 2003 (root/admin at VISION.PAF)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
Then i added the entry for the principal in the keytab file as 

kadmin.local: ktadd test
Entry for principal test with kvno 2, encryption type DES-CBC-CRC added to keytab 
WRFILE:/etc/krb5/krb5.keytab.

Then the attribute of test principal in the database are as follows

kadmin.local:  getprinc test
Principal: test at VISION.PAF
Expiration date: [never]
Last password change: Mon Jul 07 17:04:24 Gmt 2003
Password expiration date: [none]
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Last modified: Mon Jul 07 17:04:24 Gmt 2003 (root/admin at VISION.PAF)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 2, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

The enteries in the keytab file shows as follows

 klist -k    
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/mrt-mccgui.vision.paf at VISION.PAF
   7 root/mrt-mccgui.vision.paf at VISION.PAF
   2 test at VISION.PAF
      
   
   Now i want to get the ticket of principal test  with kinit command.
   
   kinit test
Password for test at VISION.PAF: 
kinit: Password incorrect
i entered the password correctly which i entered the first time.But automatically password is 
changed. i have tried this with two or three principals.
Now if i change the password using kadmin then kVNO is changed and becomes 3
But in the keytable file krb5.keytab its version number is 2 now in the database KVNO is  3 so here is missmatch of keys number.

If i repeat the step once again and add entery once again in the key tab file
then the keyVNO became same at both places that is 4.
Now if i want to get the credential for the principal test then the again error message comes that your password is in correct.so this goes same like a loop.
 
Another solution is that if i change the KVNO using gkadmin programe
the KVNO is successfully changed.
Then my programe gives me the following error message while accepting security context 
GSS-API error accepting context: Unspecified GSS failure.  Minor code may provide more information
GSS-API error accepting context: Decrypt integrity check failed
please help me in this regard
Thanks in advance
By Reahan Bahria University (BIMCS) ISlamabad


---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!!From adv at body-building-equpiment.com Tue Jul  8 11:54:29 2003
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	[18.7.7.76])
	by pch.mit.edu (8.12.8p1/8.12.8) with ESMTP id h68FsTk0005051
	for <kerberos at PCH.mit.edu>; Tue, 8 Jul 2003 11:54:29 -0400 (EDT)
Received: from tomer.eliteplanet.net ([64.237.60.52])h68FsTZY023385
	for <kerberos at MIT.EDU>; Tue, 8 Jul 2003 11:54:29 -0400 (EDT)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by tomer.eliteplanet.net (8.12.8/8.12.8) with SMTP id h68DX6pL010636
	for <kerberos at MIT.EDU>; Tue, 8 Jul 2003 09:33:06 -0400
Message-Id: <200307081333.h68DX6pL010636 at tomer.eliteplanet.net>
Mime-version: 1.0
Content-type: text/plain; charset="iso-8859-1"
To: kerberos at MIT.EDU
Date: Tue, 8 Jul 2003 09:33 -0400
From: adv at body-building-equpiment.com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id
	h68FsTk0005051
Subject: Placing text links ads on your website
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Tue, 08 Jul 2003 15:54:30 -0000


		Hey.
		I would like to get info about placing an ad on your website - http://wwwietf.org/rfc/rfc1510.txt.
		we own a few sport, fashion and hotels reservation websites and we just got a new budget
		for adversiting and we would Like to get your price offer fortext link adversitement.

		 Thanks,
		  John Sigal.
		    adv at body-building-equpiment.com

More information about the Kerberos mailing list