I am trying to implement mutual authentication with Kerberos. I downloaded krb5-1.10.2 and succeeded in getting sclient and sserver to talk to each other. The problem is sserver dies after a single client access. I am trying to add code to get sserver to continue listening and reply to many requests from a client.
The first request is successful. The second and subsequent requests produce the error message: sendauth rejected, error reply is: "Decrypt integrity check failed"
This error is generated by src/lib/crypto/krb/decrypt.c, line 78. Line 78 is a pointer to a function I have not been able to track down.
There are indications that this problem involves reusing a key. Yet, on the client machine, I have issued a kdestroy, then kinit to get a new key, and run the client again. No luck. I don't understand where the key is reused or how to get a new one.
Can anyone help with this? Can you point me to a sample client and server that exchange information both ways, over multiple sessions? I need the client and server to authenticate, then the client passes information to the server, which processes it and sends a reply to the client. The client then gets new information and initiates a new session with the server. Like I said above, sserver is a good start, but it dies after a single exchange.
I tracked the problem to a different area - src/lib/krb5/krb/rd_req_dec.c line 269. On the first pass through sserver, there is no auth_context->key. On subsequent passes, a key exists and fails. If I terminate sserver and restart it, again, there is no auth_context->key for the first request from sclient, but one appears for subsequent requests.
sclient is a one-time program. It runs and then terminates. I don't understand how it could not produce an auth_context->key on the first run and then produce it on subsequent runs.
I commented out rd_req_dec.c lines 269 through 280, and 285. Now sserver processes multiple requests. This looks like something odd with the way sserver is written - that it creates an auth_context->key after its first request?
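
The symptom reported in this thread (first request accepted, later ones rejected with an integrity failure once auth_context->key exists) can be reproduced with a small model. This is an added example, not code from the thread or from krb5: every type, function and value in it is hypothetical, and it assumes the key left in the context is the previous session's key and that the server loop reuses one auth context across connections.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT libkrb5 code: a ticket is sealed under one key and
 * carries a fresh session key. Opening it with any other key fails the
 * integrity check. */
typedef struct { uint32_t sealed_with; uint32_t session_key; } ticket_t;
typedef struct { int has_key; uint32_t key; } auth_ctx_t;
enum { OK = 0, ERR_INTEGRITY = -1 };

#define KEYTAB_KEY 0xA5A5u                /* constructed service key */
static const ticket_t SAMPLE[3] = {       /* constructed client requests */
    { KEYTAB_KEY, 0x1111u }, { KEYTAB_KEY, 0x2222u }, { KEYTAB_KEY, 0x3333u }
};

static int open_ticket(const ticket_t *t, uint32_t key, uint32_t *session) {
    if (t->sealed_with != key) return ERR_INTEGRITY;
    *session = t->session_key;
    return OK;
}

/* Models the branch described in the thread: a key already present in the
 * auth context is used in place of the keytab key. */
int model_rd_req(auth_ctx_t *ac, const ticket_t *t, uint32_t keytab_key) {
    uint32_t session;
    uint32_t k = ac->has_key ? ac->key : keytab_key;
    int rc = open_ticket(t, k, &session);
    if (rc != OK) return rc;
    ac->has_key = 1;                      /* assumption: context keeps the */
    ac->key = session;                    /* session key after success     */
    return OK;
}

/* Serve n requests; fresh_ctx=1 starts each connection with an empty
 * context, fresh_ctx=0 reuses one context. Returns how many were accepted. */
int serve(const ticket_t *tk, size_t n, uint32_t keytab_key, int fresh_ctx) {
    auth_ctx_t ac = { 0, 0 };
    int accepted = 0;
    for (size_t i = 0; i < n; i++) {
        if (fresh_ctx) ac = (auth_ctx_t){ 0, 0 };
        if (model_rd_req(&ac, &tk[i], keytab_key) == OK) accepted++;
    }
    return accepted;
}

int main(void) {
    printf("reused context: %d of 3 accepted\n", serve(SAMPLE, 3, KEYTAB_KEY, 0));
    printf("fresh context:  %d of 3 accepted\n", serve(SAMPLE, 3, KEYTAB_KEY, 1));
    return 0;
}
```

In a real server loop the counterpart of `fresh_ctx` is releasing the context with `krb5_auth_con_free` and passing `krb5_recvauth` a NULL auth context for each accepted connection, which leaves the checks in rd_req_dec.c in place.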