help - pkinit preauth [Public]
Russ Allbery
rra at stanford.edu
Fri Mar 2 15:52:30 EST 2012
Sylvain Girod <s.girod at cerberis.com> writes:
> All seem ok, I get an AS-REP with a ticket, but I have an error:
> pam_krb5(login:auth): (user Administrateur) krb5_get_init_creds_password: Decrypt integrity check failed
Just to double-check, you have a Kerberos principal in your realm named
Administrateur at FIM.LOCAL with exactly that spelling and capitalization?
Make sure you can kinit as that principal as a test outside of PAM.
> I found this error say it can’t decrypt the ticket in the AS-REP. What
> is the possible cause for this issue ?
Usually it means an incorrect password, but it can also mean a mismatch
between the authentication identity and the Kerberos principal name.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list