LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-16-2012, 10:11 PM   #1
cmccullo
Member
 
Registered: Jan 2011
Posts: 31

Rep: Reputation: 0
Sserver Decrypt integrity check failed


I am trying to implement mutual authentication with Kerberos. I downloaded krb5-1.10.2 and succeeded in getting sclient and sserver to talk to each other. The problem is sserver dies after a single client access. I am trying to add code to get sserver to continue listening and reply to many requests from a client.

The first request is successful. The second and subsequent requests produce the error message: sendauth rejected, error reply is: " Decrypt integrity check failed"

This error is generated by src/lib/crypto/krb/decrypt.c, line 78. Line 78 is a pointer to a function I have not been able to track down.

There are indications that this problem involves reusing a key. Yet, on the client machine, I have issued a kdestroy, the kinit to get a new key and run the client again. No luck. I don't understand where the key is reused or how to get a new one.

Can anyone help with this? Can you point me to a sample client and server that exchange information both ways, over multiple sessions? I need the client and server to authenticate, then the client pass information to the server which processes it and sends a reply to the client. The client then gets new information and initiates a new session with the server. Like I said above, sserver is a good start, but it dies after a single exchange.
 
Old 07-28-2012, 04:30 PM   #2
cmccullo
Member
 
Registered: Jan 2011
Posts: 31

Original Poster
Rep: Reputation: 0
I tracked the problem to a different area - src/lib/krb5/krb/rd_req_dec.c line 269. On the first pass through sserve, there is no auth_context->key. On subsequent passes, a key exists and fails. If I terminate sserver and restart it, again, there is no auth_context->key for the first request from sclient, but one appears for subsequent requests.

sclient is a one-time program. It runs and then terminates. I don't understand how it could not produce an auth_context->key on the first run and then produce it on subsequent runs.

I commented out rd_req_dec.c lines 269 through 280, and 285. Now sserve processes multiple requests. This looks like something odd with the way sserve is written - that is creates an auth_context->key after its first request??
 
Old 07-29-2012, 02:22 PM   #3
cmccullo
Member
 
Registered: Jan 2011
Posts: 31

Original Poster
Rep: Reputation: 0
I added
retval = krb5_auth_con_init(context, &auth_context);
before the krb5_recvauth() statement. This initialized auth_context and fixed the problem.
 
  


Reply

Tags
kerberos


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
GPG : Failed to decrypt the file Ashish Sood Linux - General 1 05-07-2012 03:02 PM
How to check integrity of install CD? taylorkh Ubuntu 3 11-23-2010 03:35 PM
file integrity check packets Linux - Security 4 08-18-2010 09:11 PM
Starting postfix: Postfix integrity check failed! Leirith Linux - Software 2 01-02-2008 09:55 PM
Redhat 7.3 File System Integrity check /usr failed while booting up Chandran Red Hat 3 06-09-2005 12:36 AM


All times are GMT -5. The time now is 05:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration