JGSS: Integrity check on decrypted field failed (31)

Seema Malkani Seema.Malkani at Sun.COM
Tue Nov 7 15:16:22 EST 2006


What version of JDK are you using ? Sun's implementation of Java GSS 
includes support for SPNEGO starting from Java SE 6.

Has the SPN been setup correctly ?

Seema

Michael B Allen wrote On 11/06/06 11:26,:

>I wrote an SPNEGO Java Servlet Filter that decodes the SPNEGO token,
>plucks out the krb5 mechToken and passes it to acceptSecContext. Works
>great on Linux/Jetty. Tomcat on Windows gives me the following exception.
>Basically it looks like it's failing to decrypt the ticket as if the
>password was wrong (but it's not). The service account is set for DES
>only. For the service credential, I manually create a KerberosKey with a
>plaintext password and enctype of "DES".
>
>Before I start doing byte for byte checking can anyone recommend potential
>reasons for this error?
>
>GSSException: Failure unspecified at GSS-API level (Mechanism level:
>Integrity check on decrypted field failed (31))
>	sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
>	sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
>	sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
>	com.ibi.security.spnego.SpnegoFilter.doFilter(SpnegoFilter.java:262)
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>  
>



More information about the Kerberos mailing list