Troubleshooting
User Error MessagesUser Error MessagesUsers may see error messages while using the Kerberos server. The following sections describe user error messages, explain their causes, and suggest corrective actions.
Decrypt Integrity Check FailedExplanation: This message is displayed if a user requests a ticket from the server and one of the following conditions is true:
•User entered the wrong password for the realm chosen for the ticket request. A different password for each realm may exist that the user is permitted to access.
•User entered an incorrect principal name during logon.
•User principal account has been locked out of the security network and is not authorized to receive tickets from the server.
This message may also appear when a user attempts to change his or her password. In this case, these conditions apply to the entries in the kpasswd file of UNIX clients.
Depending on how you have configured the MaxFailAuthCnt parameter in the password policy file, the user may have had a sufficient number of failed authentication attempts to be locked from obtaining another ticket.
Action: Unlock the principal account using an administrative tool.
Password Has Already Been Used or Is Too Close to Current OneExplanation: This error message appears if a user chooses a password that he or she has previously used. The maximum number of previous passwords to compare the new proposed password against is defined in the MaximumHistory entry in the password policy file. The default is 1.
Action: Instruct the user to choose a password that has not been used previously.
Chapter 11 | 305 |