Decrypt integrity check failed while getting initial ticket
Stephen Carville (Kerberos List)
b44261a2 at opayq.com
Mon Dec 9 13:04:17 EST 2019
Recently I migrated the kerberos master and one slave to another
location using tool called "Zerto". Perhaps coincidentally, replication
broke with the above error message. I checked that DNS A and PTR records
for all the servers are correct. I can get a ticket using kinit (kinit
-k host/<hostname>). I finally recreated the keytab file
(/etc/krb5.keytab) and propagated it to the other three servers. Still
no replication.
Any suggestions?
BTW, while trying to fix it, I noticed that every time I use ktadd to
add a key to krb5.keytab the KVNO increments. Is that normal?
--
Stephen
More information about the Kerberos
mailing list