KRB5KRB_AP_ERR_BAD_INTEGRITY from krb5_arcfour_decrypt

Nikhil Mishra ls.niks at
Tue Feb 17 04:30:48 EST 2009

Hi All ,

This is my setup .

windows XP client
windows 2003 server AD and KDC .
Linux FC with MIT kerberos 1.6.3

I generate keytab for  SPN using this command  :

ktpass -princ cifs/cifsserver2 at WXYZ.COM -mapuser cifsserver2 -pass rohati123
/ptype KRB
5_NT_SRV_INST -setpass -setupn -out cifs.keytab

The user is actually a computer name and not an actual user in domain ( I
dont know If it effects but Just in case )

I want to route my traffic through a linux box and I am trying to decrypt
AP_REQ using this keytab
I looked at kvno and everything else matches so , basically krb_kt_get_entry
passes .

Why would this fail while decrypting the packet in krb5_decrypt_tkt_part
I have tried debugging it and beyond all reasons I dont find a reason why

Any help would be appreciated !!!

Thanks & Regards


More information about the krbdev mailing list