Decrypt integrity check failed while changing password
Brian Davidson
bdavids1 at gmu.edu
Wed Sep 14 13:32:35 EDT 2005
Ken,
You, of course, are brilliant. Setting the history to 1, and then back
up to 10 seems to fix it. I realize that a side effect of this is that
users can reuse any of their recent password the next time they go to
change their password.
Thanks!
Brian
On Sep 14, 2005, at 1:17 PM, Ken Hornstein wrote:
>> I had to do a bunch of account cleanups (~35,000 deletions) yesterday.
>> Today, I'm getting the message 'change_password: Decrypt integrity
>> check failed while changing password for "principal at GMU.EDU"' when
>> trying to change a password. If I create a new principal, I am able
>> to
>> change it's password. I'm using kadmin.local -- we don't run kadmind.
>>
>> Anyone have an idea what I deleted that I shouldn't have?
>
> I suspect that since you deleted kadmin/history, you're getting this
> error
> from deep within the kadmin library when it's trying to access the
> password
> history. That's just a guess, though. You're getting this message
> from
> kadmin.local, right?
>
> How you recover from this ... well, I have no idea, actually. Did you
> happen to save the old kadmind keytab?
>
> --Ken
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list