krb5 with java (JAAS) problem identified... sort of
david@cobite.com
david at cobite.com
Thu Nov 13 22:57:31 EST 2003
Hi,
I was really frustrated finding only people experiencing the same problem,
but none with a solution. I'm mostly posting here hoping someone will be
able to find the REAL problem, and also so that a search engine will pick
up the workaround.
The problem is connecting to Red Hat 8.0 (and 9.0) krb5 (1.2.2 and 1.2.7
respectively) using Java (sun jdk 1.4.2 JAAS). Even if you have a
perfectly functioning krb5 setup, the tutorial programs on their site will
fail with the error:
Intergrity check on decrypted field failed (31)
While I don't know the cause, I know a workaround. When initially
configuring the krb5 kdc, you must place des-cbc-crc:normal before
des-cbc-crc:v4, or simply remove des-cbc-crc:v4 from the kdc.conf file
(supported_enctypes in [realms] stanza)
After changing this, it all works fine for me. It's either a bug in the
v4 salt handling in krb5 or java it would seem. But who knows...
Hope this helps,
David
--
/==============================\
| David Mansfield |
| david at cobite.com |
\==============================/
More information about the Kerberos
mailing list