krb5 with java (JAAS) problem identified... sort of

david@cobite.com david at cobite.com
Thu Nov 13 22:57:31 EST 2003


Hi,

I was really frustrated finding only people experiencing the same problem, 
but none with a solution.  I'm mostly posting here hoping someone will be 
able to find the REAL problem, and also so that a search engine will pick 
up the workaround.

The problem is connecting to Red Hat 8.0 (and 9.0) krb5 (1.2.2 and 1.2.7
respectively) using Java (sun jdk 1.4.2 JAAS).  Even if you have a
perfectly functioning krb5 setup, the tutorial programs on their site will
fail with the error:

Intergrity check on decrypted field failed (31)

While I don't know the cause, I know a workaround.  When initially 
configuring the krb5 kdc, you must place des-cbc-crc:normal before 
des-cbc-crc:v4, or simply remove des-cbc-crc:v4 from the kdc.conf file 
(supported_enctypes in [realms] stanza)

After changing this, it all works fine for me.  It's either a bug in the 
v4 salt handling in krb5 or java it would seem.  But who knows...

Hope this helps,
David

-- 
/==============================\
| David Mansfield              |
| david at cobite.com             |
\==============================/



More information about the Kerberos mailing list