WNA Error - Found unsupported keytype (18) for HTTP/<host1.domain1>@<domain1> (Doc ID 2119015.1)

Last updated on AUGUST 01, 2023

Applies to:

Symptoms

WNA is not working. When set to collect more details using -Dsun.security.krb5.debug=true -Dsun.security.spnego.debug=true to the JAVA PROPERTIES shows following errors.

Java config name: <path_to_directory>/krb5.conf
Loaded from Java config
Added key: 17version: 8
Found unsupported keytype (18) for HTTP/<host1.domain1>@<domain1>      <<<<<==== error
Added key: 23version: 8
Added key: 3version: 8
Added key: 1version: 8
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.                       <<<<<==== This is corresponding to ticket encryption where  17 (aes), 16 (des) and 23 (rc4-hmac). 18 is not on default etypes in Kerberos list and cause of error "Found unsupported keytype (18)".
>>> KdcAccessibility: reset
Added key: 17version: 8
Found unsupported keytype (18) for HTTP/<host1.domain1>@<domain1>          <<<<<==== error
Added key: 23version: 8
Added key: 3version: 8
Added key: 1version: 8
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=xxxxx TCP:<port1>, timeout=3000, number of retries =3, #bytes=173
>>> KDCCommunication: kdc=xxxxx TCP:<port1>, timeout=3000,Attempt =1, #bytes=173
>>>DEBUG: TCPClient reading 270 bytes

Note:

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.