Manualshelf

Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
271272273274275276277278279280
Troubleshooting
Typical User Error Messages
Chapter 9 273
Typical User Error Messages
Your application users may encounter error messages while using the
Kerberos Server. The following sections describe typical user error
messages, explains why they might occur, and suggests how to avoid
them.
Decrypt integrity check failed
Explanation: This message is displayed if an application user requests
a ticket from the server and one of the following is true:
The user entered the wrong password for the realm chosen for the
ticket request. There may be a different password for each realm
that the user is permitted to access.
The user entered an incorrect principal name during logon.
The user principal account has been locked out of the security
network and is not authorized to receive tickets from the server.
This message may also appear when a user attempts to change their
password. In this case, the above conditions apply to the entries in the
kpasswd of UNIX clients.
Based on how the MaxFailAuthCnt parameter in the password policy file
is configured, the application user may have had a sufficient amount of
failed authentication attempts to be locked from getting another ticket.
Action: Unlock the principal account using an administrative tool.
Password has already been used or is too close to
current one
Explanation: This error message appears if the user chooses a
password that has been previously used by them. The maximum number
of previous passwords to compare the new proposed password against is
defined in the MaximumHistory entry in the password policy file. The
default is 1.
Action: Instruct the user to choose a password that has not been
previously used.