Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 2.10.0, 3.2.1, 3.1.3
- None
Description
In JHS, if the KDC goes offline, the IPC layer does try to relogin, but it's not always enough. You have to wait for 60 seconds for the next retry. In the meantime, if the KDC comes back, the following error might occur:
2020-04-09 03:27:52,075 DEBUG ipc.Server (Server.java:processSaslToken(1952)) - Have read input token of size 708 for processing by saslServer.evaluateResponse()
2020-04-09 03:27:52,077 DEBUG ipc.Server (Server.java:saslProcess(1829)) - javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)]
    at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
    ...
When this happens, JHS has to be restarted.
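An added example, not part of the original report or of Hadoop: a small scanner that finds this SASL failure in a JHS log so the stuck state can be alerted on. The function names, the third sample entry, and the rule that failures spanning more than the 60-second retry interval are worth flagging are assumptions made for this example.

```python
import re
from datetime import datetime

# Header of one log entry, in the layout of the lines quoted in the report.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+) \((?P<loc>[^)]*\(\d+\))\) - (?P<msg>.*)$")
# The failure from the report; the group captures the encryption type it names.
STALE_KEY = re.compile(
    r"GSS initiate failed.*Cannot find key of appropriate type "
    r"to decrypt AP REP - (?P<etype>[^)\]]+)\)", re.S)

def find_failures(log_text):
    """Return (timestamp, etype, location) for every entry carrying the error."""
    entries, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:                        # a new log entry starts here
            current = [m, m["msg"]]
            entries.append(current)
        elif current is not None:    # stack-trace line: belongs to the entry above
            current[1] += "\n" + line
    hits = []
    for m, body in entries:
        k = STALE_KEY.search(body)
        if k:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            hits.append((ts, k["etype"], m["loc"]))
    return hits

def outlasts_retry(hits, retry_seconds=60):
    """Heuristic (assumption): failures span more than one relogin retry interval."""
    return bool(hits) and (hits[-1][0] - hits[0][0]).total_seconds() > retry_seconds

# Sample input: the first two entries are from the report, the third is constructed.
SAMPLE = """\
2020-04-09 03:27:52,075 DEBUG ipc.Server (Server.java:processSaslToken(1952)) - Have read input token of size 708 for processing by saslServer.evaluateResponse()
2020-04-09 03:27:52,077 DEBUG ipc.Server (Server.java:saslProcess(1829)) - javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)]
\tat com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
2020-04-09 03:29:10,412 DEBUG ipc.Server (Server.java:saslProcess(1829)) - javax.security.sasl.SaslException: GSS initiate failed
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
"""

if __name__ == "__main__":
    found = find_failures(SAMPLE)
    for ts, etype, loc in found:
        print(ts.isoformat(), etype, loc)
    print("persists past retry interval:", outlasts_retry(found))
```

The messages in the report are logged at DEBUG, so the scanner only sees them when `ipc.Server` debug logging is enabled.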