Content Platform Engine, Version 5.2.1            

Encryption errors

You can recover from encryption or decryption errors.

Symptoms

KDC has no support for encryption type (14)

Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC

Cryptographic key type rc4-hmac not found

Cryptographic key type des-cbc-md5 not found

Cryptographic key type des-cbc-crc not found

Resolving the problem

These errors might mean that the "identity" domain user account does not have the Use DES encryption types for this account option set if DES security is desired or that it does have the option set if RC4-HMAC security is desired. Another possibility is that the wrong ktab utility was used (for example, the Sun ktab utility was used on a WebSphere system), in which case try setting the keytab with the ktpass utility.

An error like this can also mean that the krb5.ini file does not have these settings in the[libdefaults] section for DES security:

default_tgs_enctypes = des-cbc-md5 des-cbc-crc
default_tkt_enctypes = des-cbc-md5 des-cbc-crc

And similarly, for RC4-HMAC security, that the krb5.ini file does not have these settings:

default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac


Last updated: March 2016
p8psn054.htm

© Copyright IBM Corporation 2016.