当我尝试使用heimdal-kdc进行身份validation时,我在kdc log中得到这个错误:
(enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 和身份validation失败!
但用kinitvalidation是正确的!
我的kerb5.conf是
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log krb5 = FILE:/var/log/krb5.log [libdefaults] default_realm = AUTH.LANGHUA clockskew = 300 [realms] AUTH.LANGHUA = { kdc = AUTH.LANGHUA } [domain_realm] .langhua = AUTH.LANGHUA [kdc]
当把这行添加到krb5.conf(在kdc标签中)
require-preauth = no
我得到这个错误
krb5_get_init_creds: Client have no reply key