GSSAPI authentication ceased working
Wesley Craig
wes at umich.edu
Thu Jan 8 14:21:30 EST 2009
On 02 Jan 2009, at 11:19, Lars Hanke wrote:
> hermod: /var/log/auth.log
> Jan 2 17:07:54 hermod imtest: GSSAPI Error: Unspecified GSS
> failure. Minor code may provide more information (Decrypt
> integrity check failed)
>
> hel: /var/log/syslog
> Jan 2 16:07:54 hel krb5kdc[1652]: TGS_REQ (7 etypes {18 17 16 23 1
> 3 2}) 172.16.6.5: PROCESS_TGS: authtime 0, <unknown client> for
> imap/hermod.mgr at MGR, Decrypt integrity check failed
As I read this, hel is saying that the TGT is bad. You're trying to
obtain a service ticket for imap/hermod, but the TGT you're
attempting to use is not accepted by the KDC. If you klist after
running imtest, you have no imap/hermod ticket. I've never seen an
error like that. It suggests that you KDC is really broken :)
Something like the key used to encrypt your TGT isn't valid for
obtaining service tickets.
:wes
More information about the Info-cyrus
mailing list