JGSS: Integrity check on decrypted field failed (31)
Michael B Allen
mba2000 at ioplex.com
Mon Nov 6 14:26:20 EST 2006
I wrote an SPNEGO Java Servlet Filter that decodes the SPNEGO token,
plucks out the krb5 mechToken and passes it to acceptSecContext. Works
great on Linux/Jetty. Tomcat on Windows gives me the following exception.
Basically it looks like it's failing to decrypt the ticket as if the
password was wrong (but it's not). The service account is set for DES
only. For the service credential, I manually create a KerberosKey with a
plaintext password and enctype of "DES".
Before I start doing byte for byte checking can anyone recommend potential
reasons for this error?
GSSException: Failure unspecified at GSS-API level (Mechanism level:
Integrity check on decrypted field failed (31))
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
com.ibi.security.spnego.SpnegoFilter.doFilter(SpnegoFilter.java:262)
More information about the Kerberos
mailing list