java 1.5 KINIT error

Douglas E. Engert deengert at anl.gov
Fri Dec 16 07:38:07 EST 2005


So is this really the problem that java does not do the pre-auth
correctly assuming it knows the salt rather then using the salt returned
by the KDC? Java 1.6 has a fix for this.

Russ Allbery wrote:

> FM <dist-list at lexum.umontreal.ca> writes:
> 
> 
>>I'm trying to use kinit with kerberos but :
>>
>>>bin/kinit user at REALM
> 
> 
>>Password for userf at REALM:password
>>Exception: krb_error 31 Integrity check on decrypted field failed (31) 
>>Integrity check on decrypted field failed
>>KrbException: Integrity check on decrypted field failed (31)
>>       at sun.security.krb5.internal.crypto.v.b(DashoA12275:154)
>>       at sun.security.krb5.internal.crypto.v.b(DashoA12275:125)
>>       at sun.security.krb5.EncryptedData.decrypt(DashoA12275:157)
>>       at sun.security.krb5.KrbAsRep.<init>(DashoA12275:82)
>>       at sun.security.krb5.KrbAsReq.getReply(DashoA12275:345)
>>       at sun.security.krb5.KrbAsReq.getReply(DashoA12275:303)
>>       at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:252)
>>       at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:106)
> 
> 
> Sounds like the problem described at:
> 
> http://archives.java.sun.com/cgi-bin/wa?A2=ind0212&L=java-security&F=&S=&P=802
> 
> in which case try the fix at:
> 
> http://archives.java.sun.com/cgi-bin/wa?A2=ind0212&L=java-security&D=0&P=1130
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


More information about the Kerberos mailing list