RH 8 krb and JAAS

cross eyed tiredofheaders at yahoo.com
Fri Oct 3 02:54:14 EDT 2003

I'm going through the JAAS tutorial at http://java.sun.com/j2se/1.4.1/docs/guide/security/jgss/tutorials/AcnAndAzn.html but I always get the error "Integrity check on decrypted field failed (31)" after attempting to auth to my redhat 8 kdc. 
Pointed at my slackware slave kdc with the mit-kerberos src build it works just fine.  The kdc configs are identical and rsh, rlogin, kinit work from both the redhat and slackware boxes.
Has redhat gimped something?

Do you Yahoo!?
The New Yahoo! Shopping - with improved product searchhFrom news at ra.nrl.navy.mil Fri Oct  3 10:43:46 2003
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id h93EhkgH018775
	for <kerberos at PCH.mit.edu>; Fri, 3 Oct 2003 10:43:46 -0400 (EDT)
Received: from ra.nrl.navy.mil (ra.nrl.navy.mil [])
	for <kerberos at MIT.EDU>; Fri, 3 Oct 2003 10:43:45 -0400 (EDT)
Received: (from news at localhost)
	by ra.nrl.navy.mil (8.11.6+Sun/8.9.3) id h93Eafe07144
	for kerberos at MIT.EDU; Fri, 3 Oct 2003 10:36:41 -0400 (EDT)
From: Jose Marques <noway at nohow.demon.co.uk>
X-Newsgroups: comp.protocols.kerberos
Date: Fri, 3 Oct 2003 15:36:34 +0100
Organization: University of Warwick, UK
Message-ID: <20031003152615.B82920 at mordor.maths.warwick.ac.uk>
To: kerberos at MIT.EDU
X-Mailman-Approved-At: Fri, 03 Oct 2003 11:56:30 -0400
Subject: Kpropd problem
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Fri, 03 Oct 2003 14:43:46 -0000

I've just added a new KDC slave to our kerberos setup.  When I run kprop
on the primary KDC to backup to the new slave it works the first time but
on subsequent runs it stops after the first "32768 bytes sent." message.
Looking in the logs I see the following message:

  kpropd: Message stream modified while decoding database size from client

I've looked this up on google but saw nothing that explained its cause.
Can anybody advise me as to what I should be looking at to try and fix
this problem?

I'm running MIT 1.2.7 on the Primary KDC and MIT 1.3.1 on the new
secondary KDC.  Kprop works with our existing slave which is also running
1.2.7.  I am hesitant to upgrade our primary KDC to 1.3.1 in case this
problem is due to a bug in that release.  All KDCs are running on

Jose Marques

More information about the Kerberos mailing list