# kinit me/admin Password for me/admin@REALM:my_passphrase_shown_in_plaintext_on_tty!!! Exception: krb_error 31 Integrity check on decrypted field failed (31) Integrity check on decrypted field failed KrbException: Integrity check on decrypted field failed (31) at sun.security.krb5.KrbAsRep.<init>(DashoA12275:67) at sun.security.krb5.KrbAsReq.getReply(DashoA12275:315) at sun.security.krb5.KrbAsReq.getReply(DashoA12275:276) at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:271) at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:109) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.ah.a(DashoA12275:134) at sun.security.krb5.internal.av.a(DashoA12275:63) at sun.security.krb5.internal.av.<init>(DashoA12275:58) at sun.security.krb5.KrbAsRep.<init>(DashoA12275:53) ... 4 more # hash hits command 1 /opt/blackdown-jdk-1.4.2.03/bin/kinit # I really wanted to get /usr/bin/kinit (formerly /usr/heimdal/bin/kinit) to be executed instead. How are you goind to resolve this? Install blackdown-jdk into FHS locations? ;-)
(In reply to comment #0) > I really wanted to get /usr/bin/kinit (formerly /usr/heimdal/bin/kinit) to be > executed instead. How are you goind to resolve this? Install blackdown-jdk into > FHS locations? ;-) Erm, no... If /opt/blackdown-jdk-1.4.2.03/bin/ comes before /usr/bin in your $PATH, then there's something broken on your system.
No, /usr/bin/ comes first in my $PATH. Sorry for the mess, at that very moment I did not have instlled heidmal in FHS /usr/ but in /usr/heimdal/. ;) Anyway, it is best to start commands with full path. ;)
(In reply to comment #2) > No, /usr/bin/ comes first in my $PATH. Sorry for the mess, at that very moment > I did not have instlled heidmal in FHS /usr/ but in /usr/heimdal/. ;) Anyway, > it is best to start commands with full path. ;) Well, my understanding is that /usr/heimdal was outside $PATH then, so this bug is invalid, right? If so, please close it. :)
Yes, I hadn't /usr/heimdal/bin in the path, but that is not what I wanted to report here. Simply, I report that kinit, klist and I guess others clash with heimdal, kth-krb, mit-krb5. Mostly when reading bugreports in bugzilla, people think of the heimdal, kth-krb, mit-krb5 combination, but there's yet another package which provides similar/same tools. If java people would like to fix something real time soon, then so that the password in not shown on tty when the exception is triggered (see line 2 in original comment). ;-)
(In reply to comment #4) > Yes, I hadn't /usr/heimdal/bin in the path, but that is not what I wanted to > report here. Simply, I report that kinit, klist and I guess others clash with > heimdal, kth-krb, mit-krb5. Mostly when reading bugreports in bugzilla, people > think of the heimdal, kth-krb, mit-krb5 combination, but there's yet another > package which provides similar/same tools. So, with correct PATH and install location, the kinit from jdk doesn't come before the one you know, right? > If java people would like to fix something real time soon, then so that the > password in not shown on tty when the exception is triggered (see line 2 in > original comment). ;-) > We can't fix much about a binary package :) Also kinit and stuff has been removed in 1.6 JDK, so marking UPSTREAM.
OK, the filename clash is not an issue anymore with sun-jdk/jre-1.6.0. And because the kinit utility disappeared, it seems there is no reason fix it (the password was shown on tty). $ ls /opt/sun-jre-bin-1.6.0/bin/ ControlPanel java_vm jcontrol orbd policytool rmiregistry tnameserv java javaws keytool pack200 rmid servertool unpack200 $ ls /opt/sun-jre-bin-1.5.0.10/bin/ ControlPanel java_vm keytool klist orbd policytool rmiregistry tnameserv java javaws kinit ktab pack200 rmid servertool unpack200 $
