directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wu, James C." <James.C...@disney.com>
Subject RE: kinit failed on - Integrity check on decrypted field failed
Date Tue, 09 Apr 2013 16:49:16 GMT
I am very sure of that. I just deleted the hnelson entry and recreate it using the ldapadd
command. The hnelson.ldif file is as follows:

  dn: uid=hnelson,ou=users,dc=example,dc=com
  objectclass: top
  objectclass: person
  objectclass: inetOrgPerson
  objectclass: krb5Principal
  objectclass: krb5KDCEntry
  cn: Horatio Nelson
  sn: Nelson
  uid: hnelson
  userpassword: secret01
  krb5PrincipalName: hnelson@EXAMPLE.COM


The ldap command I used to add the entry is 

  ldapadd -x -W -D "uid=admin,ou=system" -f hnelson.ldif -H ldap://localhost:10389

When I do a ldapsearch, I saw the hnelson entry as follows

  # hnelson, users, example.com
  dn: uid=hnelson,ou=users,dc=example,dc=com
  uid: hnelson
  userpassword:: e1NTSEF9WlBoT0RueU1sL3FmSVZ1K0tIaHloQU5XN2Z5RWF5cGZSeFMvZ1E9PQ=
   =
  objectclass: organizationalPerson
  objectclass: krb5Principal
  objectclass: person
  objectclass: krb5KDCEntry
  objectclass: inetOrgPerson
  objectclass: top
  cn: Horatio Nelson
  sn: Nelson
  krb5KeyVersionNumber: 0
  krb5Key:: MBmgAwIBEaESBBBEoHCxETKoK5EHlTW1kdUP
  krb5Key:: MBGgAwIBA6EKBAhFVAF2buW19A==
  krb5Key:: MCGgAwIBEKEaBBiDZDj0L9XH7BrCJfJYHBBzJTHHUdaFdSk=
  krb5Key:: MBmgAwIBF6ESBBCIi91Z4Xn3gVQeWmSirA7o
  krb5Key:: MCmgAwIBEqEiBCDY8jXKWlxWMGCcyKRIIVOQgjde+LItumdkwKUy/PXPKw==
  krb5PrincipalName: hnelson@EXAMPLE.COM



-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Tuesday, April 09, 2013 9:34 AM
To: Apache Directory Developers List
Subject: Re: kinit failed on - Integrity check on decrypted field failed

Le 4/9/13 6:24 PM, Wu, James C. a écrit :
> I will do it.  The log output are also attached below in this email.  If anyone can take
a quick look at it, I would really appreciate.      --  james

Just looked at the logs, so far, it seems that everyting goes find, up to a point you get
the error.

Are you *sure* that the password is the one stored in the entry ?


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 

Mime
View raw message