TGS-REP TICKET decrypting problem
ghudson at MIT.EDU
Sun Apr 27 11:56:21 EDT 2014
On 04/25/2014 05:18 AM, somenath saha wrote:
> I'm facing a problem while decrypting enc-part of the ticket in TGS_REP
> message. While decrypting the ticket in TGS_REP message (with
> KRB5_KEYUSAGE_KDC_REP_TICKET), I am getting an error message
> KRB_AP_ERR_BAD_INTEGRITY though I have able to decrypt the enc-part of
> AS_REP message using the same Server Secret Key.
I wasn't able to tell from this description what might be going wrong.
A ticket should be decryptable with the server's key whether it came
from an AS reply or a TGS reply. Make sure the ticket in the TGS reply
is for the same server and is using the same kvno and enctype.
More information about the krbdev