Content Platform Engine, Version 5.2.1            

Null name

You can recover from a null name error.

Symptoms

Null name

Resolving the problem

This error will occur on WebSphere systems if the "identity" user name used for Kerberos's identity account is longer than 20 characters. The default identity user name is derived by Content Platform Engine to be the string FNCEWS_ + host_name. Unfortunately, this default name will be too long if host_name itself is 14 or more characters long. If this is the case, this can be fixed by using some other name for this identity user account and specifying that name in the serviceAccountName option for KrbServiceLoginModule. (For example, serviceAccountName=FN_long_host_name_123).

Another possibility, also on WebSphere servers, is that the encryption type of the key saved in the keytab does not match the encryption type used when encrypting the Kerberos ticket. One way for this to happen is if the “identity” account does not have the Use DES encryption types for this account option set in the account's property dialog for DES security, or it does have that option set for RC4-HMAC security.

This problem might require setting the ‑Dcom.ibm.security.jgss.debug=all and -Dcom.ibm.security.krb5.Krb5Debug=all properties on the JVM to diagnose as described in Recovering from Content Platform Engine server problems.



Last updated: March 2016
p8psn065.htm

© Copyright IBM Corporation 2016.