Decrypt integrity check failed
Donn Cave
donn at u.washington.edu
Tue Jul 8 12:44:12 EDT 2003
In article <20030708033815.35159.qmail at web40511.mail.yahoo.com>,
reahan2001 at yahoo.com (Muhammed Reahan) wrote:
> Decrypt integrity check failed
> First of all I created a principal name test. It is successfully created
> i entered the password for it two times.
...
> Then i added the entry for the principal in the keytab file as
>
> kadmin.local: ktadd test
> Entry for principal test with kvno 2, encryption type DES-CBC-CRC added to
> keytab
> WRFILE:/etc/krb5/krb5.keytab.
...
> Now i want to get the ticket of principal test with kinit command.
>
> kinit test
> Password for test at VISION.PAF:
> kinit: Password incorrect
> i entered the password correctly which i entered the first time.But
> automatically password is
> changed. i have tried this with two or three principals.
Yes, ktadmin invents a pseudo-random key when it adds a keytab
entry, so there is no way to subsequently authenticate with a
password. If you want a keytab entry and a known password, you
have to use ktutil to create it. I think ideally this would very
rarely be necessary.
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list