JGSS Integrity check on decrypted field failed (31)

While trying to get a java app to authenticate to a webserver using Authentication: Negotiate, (SPNEGO) I hit a hard to debug problem.

The JGSS kept returning Integrity check on decrypted field failed (31).

There are many causes to this:

1) Make sure your realm is all in uppercase.

2) If you are on Windows XP SP2 or Vista, you need to set a registry key in order to allow the TGT session key to be accessed by other applications (in this case Java).

In the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Create value:

DWORD allowtgtsessionkey = 1

I found this here:

http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html