Decrypt integrity check failed

Donn Cave donn at u.washington.edu
Tue Jul 8 12:44:12 EDT 2003


In article <20030708033815.35159.qmail at web40511.mail.yahoo.com>,
 reahan2001 at yahoo.com (Muhammed Reahan) wrote:

> Decrypt integrity check failed
> First of all I created a principal name test. It is successfully created
> i entered the password  for it two times.
...
> Then i added the entry for the principal in the keytab file as 
> 
> kadmin.local: ktadd test
> Entry for principal test with kvno 2, encryption type DES-CBC-CRC added to 
> keytab 
> WRFILE:/etc/krb5/krb5.keytab.
...
>    Now i want to get the ticket of principal test  with kinit command.
>    
>    kinit test
> Password for test at VISION.PAF: 
> kinit: Password incorrect
> i entered the password correctly which i entered the first time.But 
> automatically password is 
> changed. i have tried this with two or three principals.

Yes, ktadmin invents a pseudo-random key when it adds a keytab
entry, so there is no way to subsequently authenticate with a
password.  If you want a keytab entry and a known password, you
have to use ktutil to create it.  I think ideally this would very
rarely be necessary.

   Donn Cave, donn at u.washington.edu


More information about the Kerberos mailing list