Decrypt integrity check failed while getting initial ticket

Stephen Carville (Kerberos List) b44261a2 at
Mon Dec 9 13:04:17 EST 2019

Recently I migrated the kerberos master and one slave to another 
location using tool called "Zerto".  Perhaps coincidentally, replication 
broke with the above error message. I checked that DNS A and PTR records 
for all the servers are correct.  I can get a ticket using kinit (kinit 
-k host/<hostname>). I finally recreated the keytab file 
(/etc/krb5.keytab) and propagated it to the other three servers.  Still 
no replication.

Any suggestions?

BTW, while trying to fix it, I noticed that every time I use ktadd to 
add a key to krb5.keytab the KVNO increments.  Is that normal?


More information about the Kerberos mailing list