krb5_get_init_creds_password: Decrypt integrity check failed (KRB5 Debugging on Ubuntu Linux)
Greg Hudson
ghudson at MIT.EDU
Mon Apr 11 16:45:39 EDT 2011
On Mon, 2011-04-11 at 15:56 -0400, Russ Allbery wrote:
> You've got all the information that pam_krb5 has. It did a password
> authentication, and the key formed from the password didn't decrypt the
> KDC reply. There isn't much else it can tell you.
There is one thing pam_krb5 could do to help debug problems like this,
which is provide an option to turn on krb5 tracing if
krb5_set_trace_filename() is available (MIT krb5 1.9 or later). Since
pam_krb5 creates a secure context, the KRB5_TRACE environment variable
doesn't operate.
More information about the Kerberos
mailing list