I'm writing a UserAuthGss for a ssh client using Java 6. The server, after receiving the first client token calls GSSContext.acceptSecContext on that token. The Server is throwing this exception:
GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
Found http://bugs.java.com/view_bug.do?bug_id=6907425 in Java 7 and wondering if anyone has had similar issues.
The workaround for me was to use a different algorithm in my kdc configuration.
Maybe the keytab file is not containing the required encryption types, generating a new keytab file would help using /crypto ALL with the ktpass command:
ktpass /out "server.keytab" /crypto ALL /princ HTTP/server@REALM /mapuser KERBEROS_SERVICEUSER /pass PASSWORD /ptype KRB5_NT_PRINCIPAL
Replace HTTP/server@REALM, KERBEROS_SERVICEUSER and PASSWORD with according values.