3 Replies Latest reply: May 21, 2013 3:33 PM by 1010234

    Urgent: KrbException: Integrity check on decrypted field failed (31)

    943444
      Hi,

      I am trying to run the kinit command in my Linux environment.
      ./kinit HTTP/<service>@MYDOMAIN.COM -k -t /oracle/app/product/fmw_iam/Oracle_IDM1/oam/server/config/mykeytab -J-Dsun.security.krb5.debug=true

      I got this error:
      krb_error 24 Pre-authentication information was invalid (24) Pre-authentica

      I went through a forum thread, krb_error 24 Pre-authentication information was invalid (24) Pre-authentica. In it, it was suggested:
      Unless you check the "Does not allow Preauthentication" checkbox in Windows AD Account settings for the user. The AD server will prompt the client for a preauth.

      So in AD I applied this setting and the error went away.
      Later I started getting an error related to KrbException: Integrity check on decrypted field failed (31)
      Please find the output below:

      Config name: /etc/krb5.conf
      KinitOptions cache name is /tmp/krb5cc_0
      Principal is HTTP/service@MYDOMAIN.COM
      Kinit using keytab
      Kinit keytab file name: /oracle/app/product/fmw_iam/Oracle_IDM1/oam/server/config/mykeytab
      KeyTabInputStream, readName(): MYDOMAIN.COM
      KeyTabInputStream, readName(): HTTP
      KeyTabInputStream, readName(): service
      KeyTab: load() entry length: 69; type: 3
      Added key: 3version: 3
      Ordering keys wrt default_tkt_enctypes list
      Using builtin default etypes for default_tkt_enctypes
      default etypes for default_tkt_enctypes: 3 1 23 16 17.
      Kinit realm name is MYDOMAIN.COM
      Creating KrbAsReq
      KrbKdcReq local addresses for service are:
      service/xx.xx.xx.xxxx
      IPv4 address
      Using builtin default etypes for default_tkt_enctypes
      default etypes for default_tkt_enctypes: 3 1 23 16 17.
      KrbAsReq calling createMessage
      KrbAsReq in createMessage
      Kinit: sending as_req to realm MYDOMAIN.COM
      KrbKdcReq send: kdc=TEN.MYDOMAIN.COM UDP:88, timeout=30000, number of retries =3, #bytes=183
      KDCCommunication: kdc=TEN.MYDOMAIN.COM UDP:88, timeout=30000,Attempt =1, #bytes=183
      KrbKdcReq send: #bytes read=667
      KrbKdcReq send: #bytes read=667
      reading response from kdc
      EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
      Exception: krb_error 31 Integrity check on decrypted field failed (31) Integrity check on decrypted field failed
      KrbException: Integrity check on decrypted field failed (31)
      at sun.security.krb5.internal.crypto.DesCbcEType.decrypt(DesCbcEType.java:154)
      at sun.security.krb5.internal.crypto.DesCbcEType.decrypt(DesCbcEType.java:125)
      at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:167)
      at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:87)
      at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)
      at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:308)
      at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:239)
      at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)



      Please do the needful. If anyone has a solution, please post it ASAP.

      Edited by: 940441 on Jul 18, 2012 7:50 AM
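
The debug output in the post above shows the keytab entry the JDK loaded (key type 3, version 3). The following is an added example, not part of the original post: a small parser that lists the same fields (principal, key version, encryption type) from a keytab so they can be compared with what the KDC holds for the account. It assumes the MIT keytab file format version 0x0502; the function names and the sample keytab bytes are constructed for illustration.

```python
import struct

ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

class Reader:
    """Cursor over one keytab entry (all integers are big-endian)."""
    def __init__(self, buf):
        self.buf, self.off = buf, 0
    def num(self, fmt):
        (value,) = struct.unpack_from(fmt, self.buf, self.off)
        self.off += struct.calcsize(fmt)
        return value
    def blob(self):
        n = self.num(">H")                      # 16-bit length prefix
        if self.off + n > len(self.buf):
            raise ValueError("truncated field")
        self.off += n
        return self.buf[self.off - n:self.off]

def parse_keytab(data):
    """List principal, kvno and etype of each entry; key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                           # negative size marks a deleted slot
            pos += -size
            continue
        r, pos = Reader(data[pos:pos + size]), pos + size
        ncomp, realm = r.num(">H"), r.blob().decode()
        name = "/".join(r.blob().decode() for _ in range(ncomp))
        r.off += 8                              # skip name type and timestamp
        kvno, etype = r.num(">B"), r.num(">H")
        r.blob()                                # skip the key itself
        if len(r.buf) - r.off >= 4:             # optional 32-bit kvno overrides if nonzero
            kvno = r.num(">I") or kvno
        entries.append({"principal": f"{name}@{realm}", "kvno": kvno,
                        "etype": etype, "etype_name": ETYPES.get(etype, "unknown")})
    return entries

def sample_keytab():
    """Constructed sample: HTTP/service@MYDOMAIN.COM, etype 3, kvno 3, all-zero key."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(b"MYDOMAIN.COM") + s(b"HTTP") + s(b"service")
            + struct.pack(">IIBH", 1, 0, 3, 3) + s(bytes(8)))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

To inspect a real file, pass its bytes to `parse_keytab`, for example `parse_keytab(open(path, "rb").read())`.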