7 March,17 at 05:51 PM
Reference link:
As mentioned in the thread, the problem is due to the name-type field not being set in the PA-TGS-REQ, which is a required field for read only domain controller (RODC), without this feild KRB5KRB_AP_ERR_BAD_INTEGRITY will be returned.
After renewing the ticket using "kinit -R", it can be observed in a network trace, KRB5KRB_AP_ERR_BAD_INTEGRITY error is returned when requesting the service ticket.
=========
#14734, TGS-REQ, krbtgt/centrify.com -> krbtgt/centrify.com
#14736, TGS-REP, error-code: eRR-BAD-INTEGRITY (31)
========
Resolution:
This is fixed with Centrify DirectControl 5.3.1-411 and above.
“Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy. Customers should contact the vendor if there are any further questions”.