Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

avatar
author-rank gharpure_amol1
Explorer

Created ‎07-27-2018 10:18 AM

Hi ,

I am currently facing this issue when I'm trying to execute the acceptSecContext() method.

Is this because RC4 with HMAC has been depreciated?

18,987 Views
0 Kudos
0
7 REPLIES 7

avatar
author-rank Shelton
Master Mentor

Created ‎07-27-2018 10:26 AM

@Amol Gharpure

Can you share your krb5.conf?

Is your domain configured and nslookup <hostname> is working verify that your /etc/resolv.conf is well configured?

Ensure JCE is installed on the Ambari Server.

18,323 Views
0 Kudos

avatar
author-rank gharpure_amol1
Explorer

Created ‎08-02-2018 09:03 AM

Hi , I have added the krb5.conf file

18,323 Views
0 Kudos

avatar
author-rank gharpure_amol1
Explorer

Created ‎07-30-2018 07:06 AM

krb5.conf looks like this

[libdefaults]

ticket_lifetime = 10

default_realm = TEST.GLOBAL.AD

default_keytab_name = file:///C:/Windows/myKeytab.kettab

dns_lookup_realm = false

dns_lookup_kdc = true

default_tkt_enctypes = rc4-hmac

default_tgs_enctypes = rc4-hmac

permitted_enctypes = rc4-hmac

udp_perference_limit = 0

default_principal_flags = +renewable

[realms]

MISYS.GLOBAL.AD = { kdc = (AD IP) }

[appdefaults]

autologin = true

forward = true

forwardable = true

encrypt = true

18,323 Views
0 Kudos

avatar
author-rank benhadoop
Expert Contributor

Created ‎07-31-2018 06:21 AM

Did you authenticate using Keytabs or using a password-based kinit?

Could you please send the result of "klist" and "klist -kte <keytab-file>"

18,323 Views
0 Kudos

avatar
author-rank gharpure_amol1
Explorer

Created ‎07-31-2018 11:45 AM

password-based kinit is used.

The output of the klist -kte mykey.keytab :-

Key tab: myKey.keytab, 1 entry found.

[1] Service principal: HTTP/xyz@myCom.global.ad

KVNO: 4

18,323 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎07-31-2018 02:00 PM

myCom.global.ad is an invalid realm. The realm needs to be all uppercase characters, like MYCOM.GLOBAL.AD

18,323 Views
0 Kudos

avatar
author-rank gharpure_amol1
Explorer

Created ‎08-02-2018 09:03 AM

yes that was by mistake. The Realm name is as per you mentioned. But still i am facing this issue. Is this a configuration error or something else ?

18,323 Views
0 Kudos
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements