Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

New Contributor

Hi ,

I am currently facing this issue when I'm trying to execute the acceptSecContext() method.

Is this because RC4 with HMAC has been depreciated?

7 REPLIES 7

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

Mentor

@Amol Gharpure

Can you share your krb5.conf?

Is your domain configured and nslookup <hostname> is working verify that your /etc/resolv.conf is well configured?

Ensure JCE is installed on the Ambari Server.

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

New Contributor

Hi , I have added the krb5.conf file

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

New Contributor

krb5.conf looks like this

[libdefaults]

ticket_lifetime = 10

default_realm = TEST.GLOBAL.AD

default_keytab_name = file:///C:/Windows/myKeytab.kettab

dns_lookup_realm = false

dns_lookup_kdc = true

default_tkt_enctypes = rc4-hmac

default_tgs_enctypes = rc4-hmac

permitted_enctypes = rc4-hmac

udp_perference_limit = 0

default_principal_flags = +renewable

[realms]

MISYS.GLOBAL.AD = { kdc = (AD IP) }

[appdefaults]

autologin = true

forward = true

forwardable = true

encrypt = true

Highlighted

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

Expert Contributor

Did you authenticate using Keytabs or using a password-based kinit?

Could you please send the result of "klist" and "klist -kte <keytab-file>"

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

New Contributor

password-based kinit is used.

The output of the klist -kte mykey.keytab :-

Key tab: myKey.keytab, 1 entry found.

[1] Service principal: HTTP/xyz@myCom.global.ad

KVNO: 4

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

myCom.global.ad is an invalid realm. The realm needs to be all uppercase characters, like MYCOM.GLOBAL.AD

Re: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

New Contributor

yes that was by mistake. The Realm name is as per you mentioned. But still i am facing this issue. Is this a configuration error or something else ?