directory-dev mailing list archives

From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: kinit failed on - Integrity check on decrypted field failed
Date Sat, 06 Apr 2013 05:33:00 GMT
On 4/6/13 2:23 AM, Wu, James C. wrote:
> Hi,

Hi,
>
> I am trying to set up ApacheDS as a KDC. After adding hnelson using the following ldif, I could not get kinit to get the ticket
>
> 	 dn: uid=hnelson,ou=users,dc=example,dc=com
> 	objectclass: top
> 	objectclass: person
> 	objectclass: inetOrgPerson
> 	objectclass: krb5Principal
> 	objectclass: krb5KDCEntry
> 	cn: Horatio Nelson
> 	sn: Nelson
> 	uid: hnelson
> 	userpassword: secret
> 	krb5PrincipalName: hnelson@EXAMPLE.COM
>
>
> The log output of ApacheDS shows the following output:
>
> 	[cloud-user@n7-z01-0a2a0c3a ~]$ [17:15:57] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestamp found
> 	[17:15:57] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
> 	[17:15:57] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional pre-authentication required (25)
> 	[17:16:00] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Integrity check on decrypted field failed (31)
> 	[17:16:00] WARN [org.apache.directory.server.KERBEROS_LOG] - Integrity check on decrypted field failed (31)
>
> Could someone give me some hint?

First, can you give us the version you are using ?

Can you also provide the krb5.conf file you are using ?

It's very likely that the encryptionType you are using on the client is
not correctly recognized by the server.

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 

