krb5_get_init_creds_password: Decrypt integrity check failed (KRB5 Debugging on Ubuntu Linux)

Greg Hudson ghudson at MIT.EDU
Mon Apr 11 16:45:39 EDT 2011

On Mon, 2011-04-11 at 15:56 -0400, Russ Allbery wrote:
> You've got all the information that pam_krb5 has.  It did a password
> authentication, and the key formed from the password didn't decrypt the
> KDC reply.  There isn't much else it can tell you.

There is one thing pam_krb5 could do to help debug problems like this,
which is provide an option to turn on krb5 tracing if
krb5_set_trace_filename() is available (MIT krb5 1.9 or later).  Since
pam_krb5 creates a secure context, the KRB5_TRACE environment variable
doesn't operate.

More information about the Kerberos mailing list