"Empty key" exception accessing Active Directory over JNDI GSSAPI   

here is my trace:

Trace:

JGSS_DBG_CRED JAAS config: debug=true
JGSS_DBG_CRED JAAS config: credsType=initiate only (default)
JGSS_DBG_CRED JAAS config: useDefaultCcache=true
JGSS_DBG_CRED JAAS config: useDefaultKeytab=false (default)
JGSS_DBG_CRED JAAS config: forwardable=false (default)
JGSS_DBG_CRED JAAS config: proxiable=false (default)
JGSS_DBG_CRED JAAS config: noAddress=false (default)
JGSS_DBG_CRED JAAS config: tryFirstPass=false (default)
JGSS_DBG_CRED JAAS config: useFirstPass=false (default)
JGSS_DBG_CRED JAAS config: moduleBanner=false (default)
JGSS_DBG_CRED JAAS config: interactive login? no
JGSS_DBG_CRED Retrieving Kerberos creds from cache for principal=null
JGSS_DBG_CRED Done retrieving Kerberos creds from cache
JGSS_DBG_CRED Login successful
JGSS_DBG_CRED abc@XYZ.COM added to Subject
JGSS_DBG_CRED Kerberos ticket for abc@XYZ.COM added to Subject
JGSS_DBG_CRED No keys to add to Subject for abc@XYZ.IBM.COM

com.ibm.security.krb5.internal.crypto.KrbCryptoException, status code: 0
message: java.lang.IllegalArgumentException: Empty key
at com.ibm.security.krb5.internal.crypto.f.a(f.java:36)
at com.ibm.security.krb5.Checksum.<init>(Checksum.java:116)
at com.ibm.security.krb5.KrbTgsReq.a(KrbTgsReq.java:69)
at com.ibm.security.krb5.KrbTgsReq.<init>(KrbTgsReq.java:5)
at com.ibm.security.krb5.internal.l.b(l.java:5)
at com.ibm.security.krb5.internal.l.a(l.java:62)
at com.ibm.security.krb5.Credentials.acquireServiceCreds(Credentials.java:13)
at com.ibm.security.jgss.mech.krb5.p.a(p.java:265)
at com.ibm.security.jgss.mech.krb5.p.initSecContext(p.java:1121)
at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:207)
at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:245)
at com.ibm.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:163)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:120)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:229)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2672)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:310)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259)
at javax.naming.InitialContext.init(InitialContext.java:235)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:146)
at com.XYZ.createLdapContext(LdapClient.java:110)
snip