This discussion is archived
3 Replies Latest reply: May 21, 2013 1:33 PM by 1010234 RSS

Urgent: KrbException: Integrity check on decrypted field failed (31)

943444 Newbie
Currently Being Moderated
Hi ,

I am trying to run kinit command on my linux environment.
./kinit HTTP/<service>@MYDOMAIN.COM -k -t /oracle/app/product/fmw_iam/Oracle_IDM1/oam/server/config/mykeytab -J-Dsun.security.krb5.debug=true

I got error :
krb_error 24 Pre-authentication information was invalid (24) Pre-authentica

I gone thru some forum thread krb_error 24 Pre-authentication information was invalid (24) Pre-authentica In this it was suggested to
Unless you check the "Does not allow Preauthentication" checkbox in Windows AD Account settings for the user. The AD server will prompt the client for a preauth.

So in AD i did this setting and error went away.
Later i am getting error related to KrbException: Integrity check on decrypted field failed (31)
Please find output as below:

Config name: /etc/krb5.conf
KinitOptions cache name is /tmp/krb5cc_0
Principal is HTTP/service@MYDOMAIN.COM
Kinit using keytab
Kinit keytab file name: /oracle/app/product/fmw_iam/Oracle_IDM1/oam/server/config/mykeytab
KeyTabInputStream, readName(): MYDOMAIN.COM
KeyTabInputStream, readName(): HTTP
KeyTabInputStream, readName(): service
KeyTab: load() entry length: 69; type: 3
Added key: 3version: 3
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Kinit realm name is MYDOMAIN.COM
Creating KrbAsReq
KrbKdcReq local addresses for service are:
service/xx.xx.xx.xxxx
IPv4 address
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
KrbAsReq calling createMessage
KrbAsReq in createMessage
Kinit: sending as_req to realm MYDOMAIN.COM
KrbKdcReq send: kdc=TEN.MYDOMAIN.COM UDP:88, timeout=30000, number of retries =3, #bytes=183
KDCCommunication: kdc=TEN.MYDOMAIN.COM UDP:88, timeout=30000,Attempt =1, #bytes=183
KrbKdcReq send: #bytes read=667
KrbKdcReq send: #bytes read=667
reading response from kdc
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Exception: krb_error 31 Integrity check on decrypted field failed (31) Integrity check on decrypted field failed
KrbException: Integrity check on decrypted field failed (31)
at sun.security.krb5.internal.crypto.DesCbcEType.decrypt(DesCbcEType.java:154)
at sun.security.krb5.internal.crypto.DesCbcEType.decrypt(DesCbcEType.java:125)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:167)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:87)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)
at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:308)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:239)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)



Please Do needful. Any one has any solution please post it ASAP.

Edited by: 940441 on Jul 18, 2012 7:50 AM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points