[29203] in Kerberos
Decrypt integrity check failed after sending several correct messages
daemon@ATHENA.MIT.EDU (Jose Miguel Such)
Fri Feb 8 00:59:12 2008
From: Jose Miguel Such <jsuch@dsic.upv.es>
To: kerberos@mit.edu
Date: Thu, 7 Feb 2008 16:12:14 +0100
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200802071612.15297.jsuch@dsic.upv.es>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I'm kerberizing a distributed application using the GSS-API and Kerberos
version 1.6.1.
It consists of several processes running on several hosts. There are two kind
of processes: sender processes and receiver processes. The application works
as follows: processes are grouped as pair of processes so that a sender
process and a receiver process exchange a fixed number of encrypted messages
(currently 1000).
The point is that when a lot of process pairs are running (more than 700, i.e,
1400 processes) there is always a random pair (or more than one) that fails.
After exchanging (and also encrypting and decrypting) some messages one of the
agents that are part of that pair fails when trying to decrypt the message
received, but it has decrypted all the previous messages without errors.
The failure is allways the same, when i call to gss_unwrap to decrypt the
message i get these errors:
Major status: A token had an invalid Message Integrity Check (MIC)
Minor status: Decrypt integrity check failed
The problem is solved if i retry to call gss_unwrap with the same message
after waiting for 10 or 20 milliseconds once it has failed for the first
time.
Is there anyone knowing what happens? Could i avoid waiting and retrying
gss_unwrap?
Thanks
Jose M. Such
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
