Kerberos failed with krb5krb_AP_ERR_ BAD_INTEGRITY

Ashish vermaashish_mca at hotmail.com
Tue Mar 21 03:21:17 EDT 2017


Hi All ,

This is my setup .

windows 8.1 64 bit
windows 2012 R2 server AD and KDC .
BS2000 with MIT kerberos 1.13.2

I generate keytab for  SPN using this command  :

ktpass -princ host/<Host name>@domain name -mapuser <domain name\domain user pass> pass <password> -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\KeyTab\HMAC7U6.keytab

I am trying to decrypt AP_REQ using this keytab.
I looked at kvno, encryption type and everything else matches.

while configuring the DES-CBC-CRC and DES-CBC-MD5 it works fine and Kerberos connection established.

Why would this fail while decrypting the packet in krb5_c_decrypt -> krb5_k_decrypt -> krb5int_arcfour_decrypt
returning KRB5KRB_AP_ERR_BAD_INTEGRITY?
I have tried debugging it abut I don’t find a reason why it is failing.

Any help would be appreciated !!!

Thanks & Regards


More information about the Kerberos mailing list