Posted to dev@directory.apache.org by Hugo Amaro <hu...@gmail.com> on 2018/05/27 15:44:42 UTC

KrbException: Checksum failed

Hello,

I'm trying to perform a test using LDAP and Kerberos server. For that I am
installing all the necessary bundles in Karaf and I confirmed that the
servers are running and I am able to connect using ApacheDS Studio.

I'm trying to test the Kerberos authentication using the following example
described on your site:

http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html

Everything seems fine, but when I try to authenticate using the user hnelson
I get the following error:

Exception: krb_error 31 Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed Integrity check on decrypted field failed
KrbException: Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed

After looking in the Kerberos server logs I could see the error:
KERBEROS_LOG                     | 196 - org.apache.directory.server.interceptor.kerberos - 2.0.0.M24 | No timestamp found

In order to overcome that, I set PaEncTimestampRequired to false.

Now I'm getting an error I can't get rid of (whether using ApacheDS
Studio to connect or even kinit):

C:\Program Files\Java\jdk1.8.0_144\bin>kinit hnelson@EXAMPLE.COM
Password for hnelson@EXAMPLE.COM:
Exception: krb_error 0 Checksum failed No error
KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:102)
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:94)
        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
        at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:149)
        at sun.security.krb5.KrbAsRep.decryptUsingPassword(KrbAsRep.java:139)
        at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:287)
        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:272)
        at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:76)
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:100)
        ... 8 more

I am using Windows 10 and jdk1.8.0_144. I have the local_policy
and US_export_policy jars in the security folder, as described on some
sites. I'm using plain text passwords in the entries created in LDAP, as
described on some other sites. I don't know what else I can do.
This is my krb5 config file:

[libdefaults]
        default_realm = EXAMPLE.COM

[realms]
        EXAMPLE.COM = {
                kdc = localhost:60088
        }

[domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM


Can you please provide some help?

Thank you.
Best regards,
Hugo Amaro

Fwd: KrbException: Checksum failed

Posted by Hugo Amaro <hu...@gmail.com>.