Created 03-07-2018 01:17 PM
KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251) at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262) at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) at org.apache.zookeeper.client.ZooKeeperSaslClient$2.run(ZooKeeperSaslClient.java:366) at org.apache.zookeeper.client.ZooKeeperSaslClient$2.run(ZooKeeperSaslClient.java:363) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:362) at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:348) at org.apache.zookeeper.client.ZooKeeperSaslClient.sendSaslPacket(ZooKeeperSaslClient.java:420) at org.apache.zookeeper.client.ZooKeeperSaslClient.initialize(ZooKeeperSaslClient.java:458) at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1013) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
Created 05-02-2018 05:02 PM
Did you ever figure it out. i"m facing the same issue.
Created 10-03-2018 03:12 PM
Am seeing the same issue? Did you find a way to workaround this issue?
Created on 04-27-2020 07:49 AM - edited 04-27-2020 07:51 AM
Hi.
Has your client machine a valid kerberos client setup?
Is it's krb5.ini, or krb5.conf for windows machines, coherent with underlying kerberos server setup?
Stefano
Created 03-21-2022 09:54 PM
Make sure username is in lower case and domain name is in upper case when generating keytab using ktpass command.
This is right: ktpass .... -mapUser user@EXAMPLE.COM
This is wrong: ktpass .... -mapUser USER@EXAMPLE.COM or user@example.com
Created 12-17-2023 06:03 PM
Saw the same issue and debug it by adding Java option
-Dsun.security.krb5.debug=true
In the logs, I found the IP address of KDC is shown instead of the hostname. That's suspicious. So I tried adding the IP -> hostname mapping of the KDC server in /etc/hosts. It resolved the issue.
There could be other causes for your issue. The debug logs can show you more clues.