Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

Error while executing kinit command while setting Kerberos authentication: "KrbException : no supported default etypes for default_tkt_enctypes".

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

Error while executing kinit command while setting Kerberos authentication: "KrbException : no supported default etypes for default_tkt_enctypes".


Solution:

You may come across this error while executing kinit command for Kerberos Authentication: "no supported default etypes for default_tkt_enctypes".

Find the following error message.
----------------------------
Exception: krb_error 0 no supported default etypes for default_tkt_enctypes No error
KrbException: no supported default etypes for default_tkt_enctypes
at sun.security.krb5.Config.defaultEtype Config.jaua:844
at sun.security.krb5. internal.crypto-EType.ge t Defaultsat sun.security.krb5. internal.crypto-EType-ge t Defaultsat sun-security.krb5.KrhAsReuBuilder-build(KrhAsReuBuilder-java:261)
at sun-security.krb5.KrbAsReqBuilder-sendat sun.security.krb5.KrbAs ReqBuilder.action<KrbAs ReqBuilder.java:361
at sun.security.krb5.internal.tools.Kinit.<init><Kinit.java:219)
at sun.security.krb5.internal.tools.Kinit.mainCKinit-java:113)
---------------------------- You may receive this encryption error because of the  encryption type entered in the ktpass command or the krb5.conf file is not supported by the KDC (Active directory domain controller if you are using Microsoft AD). The encryption types supported by an Active Directory domain controller are listed in the msDS-SupportedEncryptionTypes attribute of the domain controller's computer object. In a default installation, they are typically something like the folowing:

RC4_HMAC_MD5
AES128_CTS_HMAC_SHA1_96
AES256_CTS_HMAC_SHA1_96

You can refer to the link below to know the encryption type settings for computer object('Computer Account Encryption Type Setting' section) :
https://blogs.msdn.microsoft.com/openspecification/2011/05/30/windows-configurations-for-kerberos-supported-encryption-type/

Depending on the supported encryption types by an Active Directory domain controller, you need to set the encryption type in the ktpass command and krb5.conf file.

Note: This error is very generic and there could be multiple possible reasons for this error.

You may come across this issue if you have very old version of JCE jars (US_export_policy.jar and local_policy.jar) in Spotfire server installation directory (For example: C:\tibco\tss\10.6.0\jdk\jre\lib\security\policy)
You can download latest versions of jars from this location:  https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Related articles