TGS-REP TICKET decrypting problem

Greg Hudson ghudson at MIT.EDU
Sun Apr 27 11:56:21 EDT 2014

On 04/25/2014 05:18 AM, somenath saha wrote:
>     I'm facing a problem while decrypting enc-part of the ticket in TGS_REP
> message.  While decrypting the ticket in TGS_REP message (with
> KRB5_KEYUSAGE_KDC_REP_TICKET), I am getting an error message
> KRB_AP_ERR_BAD_INTEGRITY though I have able to decrypt the enc-part of
> AS_REP message using the same Server Secret Key.

I wasn't able to tell from this description what might be going wrong.
A ticket should be decryptable with the server's key whether it came
from an AS reply or a TGS reply.  Make sure the ticket in the TGS reply
is for the same server and is using the same kvno and enctype.

More information about the krbdev mailing list