KRB5KRB_AP_ERR_BAD_INTEGRITY from krb5_arcfour_decrypt
Nikhil Mishra
ls.niks at gmail.com
Tue Feb 17 04:30:48 EST 2009
Hi All ,
This is my setup .
windows XP client
windows 2003 server AD and KDC .
Linux FC with MIT kerberos 1.6.3
I generate keytab for SPN using this command :
ktpass -princ cifs/cifsserver2 at WXYZ.COM -mapuser cifsserver2 -pass rohati123
/ptype KRB
5_NT_SRV_INST -setpass -setupn -out cifs.keytab
The user is actually a computer name and not an actual user in domain ( I
dont know If it effects but Just in case )
I want to route my traffic through a linux box and I am trying to decrypt
AP_REQ using this keytab
I looked at kvno and everything else matches so , basically krb_kt_get_entry
passes .
Why would this fail while decrypting the packet in krb5_decrypt_tkt_part
returning KRB5KRB_AP_ERR_BAD_INTEGRITY?
I have tried debugging it and beyond all reasons I dont find a reason why
Any help would be appreciated !!!
Thanks & Regards
Nikhil
More information about the krbdev
mailing list