0

When connecting to LDAP using GSSAPI

```java
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, LdapCtxFactory.class.getName());

// Must use fully qualified hostname
env.put(Context.PROVIDER_URL, ldapUri);

// Request the use of the "GSSAPI" SASL mechanism
// Authenticate by using already established Kerberos credentials
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
```

I got

```
javax.security.sasl.SaslException: No common protection layer between client and server
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:251) ~[na:1.8.0_40]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:186) ~[na:1.8.0_40]
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:133) ~[na:1.8.0_40]
```
Lukas

1 Answer

2

You have to specify QOP

```java
env.put("javax.security.sasl.qop", "auth-conf");
```
Lukas
  • Just to add: if you use Presto and encounter this problem, set `hive.hdfs.wire-encryption.enabled` to true. See: https://github.com/prestodb/presto/issues/8604 and https://prestodb.io/docs/current/connector/hive-security.html#hdfs-wire-encryption – dz902 Mar 01 '21 at 07:20
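
Why the bind fails with the property unset and succeeds with `auth-conf`, as an added example (not code from the original post or from the JDK): a simplified model of the RFC 4752 security-layer check, in which the server's final GSSAPI token carries a bitmask of the layers it accepts and the client takes the first entry of its `javax.security.sasl.qop` list that matches. The class name, the `select` method and the server masks are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import javax.security.sasl.SaslException;

public class QopNegotiationDemo {
    // RFC 4752 security-layer bits, carried in the first octet of the server's final token
    static final Map<String, Integer> LAYER_BITS = new LinkedHashMap<>();
    static {
        LAYER_BITS.put("auth", 0x01);      // authentication only, no security layer
        LAYER_BITS.put("auth-int", 0x02);  // integrity protection
        LAYER_BITS.put("auth-conf", 0x04); // integrity and confidentiality
    }

    /** Returns the first client-preferred QOP that the server mask also allows. */
    static String select(String clientQop, int serverMask) throws SaslException {
        // When javax.security.sasl.qop is not set, the JDK default is "auth"
        String qopList = (clientQop == null) ? "auth" : clientQop;
        for (String token : qopList.split(",")) {
            String qop = token.trim().toLowerCase(Locale.ROOT);
            Integer bit = LAYER_BITS.get(qop);
            if (bit == null) {
                throw new SaslException("Unknown QOP value: " + qop);
            }
            if ((serverMask & bit) != 0) {
                return qop; // preference order is the order of the list
            }
        }
        throw new SaslException("No common protection layer between client and server");
    }

    public static void main(String[] args) throws SaslException {
        int confOnly = 0x04; // constructed: server that accepts only a confidentiality layer

        System.out.println(select("auth-conf", confOnly));          // the answer's setting
        System.out.println(select("auth-conf,auth-int,auth", 0x07)); // strongest listed first
        System.out.println(select("auth-int,auth", 0x03));           // server without confidentiality
        try {
            select(null, confOnly); // property unset, as in the question
        } catch (SaslException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Because the list is a preference order, including `auth` in it allows the session to fall back to no protection layer when the server offers one; leave it out if signing or encryption of LDAP traffic is a requirement.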