Reputation: 91
GSS-API Exception - Cannot find key of appropriate type to decrypt AP REP - AES128
I'm writing a UserAuthGss for a ssh client using Java 6. The server, after receiving the first client token calls GSSContext.acceptSecContext on that token. The Server is throwing this exception:
GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
Found http://bugs.java.com/view_bug.do?bug_id=6907425 in Java 7 and wondering if anyone has had similar issues.
Upvotes: 0
Views: 1888
Answers (2)
Reputation: 8100
Maybe the keytab file is not containing the required encryption types, generating a new keytab file would help using /crypto ALL with the ktpass command:
ktpass /out "server.keytab" /crypto ALL /princ HTTP/server@REALM /mapuser KERBEROS_SERVICEUSER /pass PASSWORD /ptype KRB5_NT_PRINCIPAL
Replace HTTP/server@REALM, KERBEROS_SERVICEUSER and PASSWORD with according values.
Upvotes: 0
Reputation: 91
The workaround for me was to use a different algorithm in my kdc configuration.
Upvotes: 0
Related Questions
- Java AES / GCM decryption fails
- GSSException: [..] Encryption type AES256CTS mode with HMAC SHA1-96 is not supported/enabled
- AES encryption, InvalidKeyException: Unsupported key size: 6 bytes?
- Invalid AES key length: 128 bytes?
- GSS-API Java strange error
- Invalid Key exception while decrypting AES key
- Invalid AES Key length:39bytes
- Getting Exception java.security.InvalidKeyException: Invalid AES key length: 29 bytes?
- Java Encryption setup fails with InvalidKeySpecException
- Why does my AES encryption throws an InvalidKeyException?