cross realm : decrypt integrity check failed
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Nov 8 15:36:54 EST 2006
>1. changed the order of the supported enctypes in kdc.conf so that the one
>being used in both places is listed first.
This list (assuming you're talking about supported_enctypes) is actually
just a default. -e should override it.
>2. recreated the principal with -e to specify only the enctype being used in
>both places (doing 2 by itself before had not fixed the issue).
I find it odd that this didn't fix it before.
>From my understand of Kerberos, this should not matter... interesting.
Well, remember that with cross-realm, you're really dealing with _keys_,
not passwords. I think what you were running into was the fact that
the keys didn't match, even though the passwords did.
--Ken
More information about the Kerberos
mailing list