directory-dev mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: kinit failed on - Integrity check on decrypted field failed
Date Mon, 08 Apr 2013 17:16:06 GMT
very likely that the default weak encryption type set in ApacheDS is the
reason.

either you enable the weak encryption support in krb5.conf

[libdefaults]
       allow_weak_crypto = true

or modify the encryption types configured in ApacheDS

 1. go to the entry
ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config

 2. remove des3-cbc-sha1-kd from ads-krbEncryptionTypes attribute (you can
add another value like aes256-cts-hmac-sha1-96)

 3. restart the server

let us know if you still have an issue





On Mon, Apr 8, 2013 at 10:24 PM, Wu, James C. <James.C.Wu@disney.com> wrote:

> I installed the JCE and using the JVM from Oracle now. But I am getting
> the same error as when I used the OpenJDK JVM.
>
> [09:48:32] WARN
> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
> Integrity check on decrypted field failed (31)
> [09:48:32] WARN [org.apache.directory.server.KERBEROS_LOG] - Integrity
> check on decrypted field failed (31)
>
> I tried to use kinit from two machines, both show the same error.  The
> kinit is part of the krb5-lib/krb5-workstation library.  Do I have to other
> implementation of kinit?
>
> Regards,
>
> james
>
>
> -----Original Message-----
> From: Emmanuel Lécharny [mailto:elecharny@gmail.com]
> Sent: Sunday, April 07, 2013 10:38 PM
> To: Apache Directory Developers List
> Subject: Re: kinit failed on - Integrity check on decrypted field failed
>
> On 4/8/13 3:35 AM, Wu, James C. wrote:
> > The apacheDS version I am using is apacheds-2.0.0-M11-64bit.bin
> >
> > When I switched the JVM to Oracle JVM by installing the
> > jdk-7u17-linux-x64.rpm from Oracle, I even get NullPointerException. See
> > the following stack trace.
>
> AES256 is not included by default in the standard J2SE installation. You
> have to install JCE in order to be able to use AES 256.
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>


-- 
Kiran Ayyagari
http://keydap.com
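
The ApacheDS change from steps 1 and 2 of the reply above, written as an LDIF modify record. This is an added example, not part of the original message or the ApacheDS project; it assumes des3-cbc-sha1-kd is currently a value of the attribute and aes256-cts-hmac-sha1-96 is not yet one.

```ldif
# Added example (not from the original thread).
# Assumptions: des3-cbc-sha1-kd is present and aes256-cts-hmac-sha1-96 is
# absent on the entry; if the AES value already exists, drop the "add" part,
# otherwise the server rejects the whole modification.
# Per the quoted reply in this thread, AES 256 on the Java 7 JVM requires the
# JCE to be installed on the server side.
dn: ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: modify
delete: ads-krbEncryptionTypes
ads-krbEncryptionTypes: des3-cbc-sha1-kd
-
add: ads-krbEncryptionTypes
ads-krbEncryptionTypes: aes256-cts-hmac-sha1-96
-
```

Apply it with an LDAP client bound as the directory administrator, then restart the server as in step 3. With this change in place, allow_weak_crypto can stay unset in krb5.conf.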
