IBM Support

IJ56810: KERBEROS ILLEGALARGUMENTEXCEPTION: ENCRYPTIONKEY: KEY BYTES CANNOT BE NULL! READING VERSION 4 CREDENTIALS CACHE FILE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: Caused by: org.ietf.jgss.GSSException, major
code: 13, minor code: -1
                major string: Invalid credentials
                minor string: Attempt to obtain new INITIATE
credentials failed! (null)
.
Stack Trace: Exception in thread "main"
java.lang.IllegalArgumentException: EncryptionKey: Key bytes
cannot be null!
                    at
com.ibm.security.krb5.EncryptionKey.<init>(EncryptionKey.java:25
9)
                    at
com.ibm.security.krb5.internal.ccache.a.j(a.java:154)
                    at
com.ibm.security.krb5.internal.ccache.a.q(a.java:39)
                    at
com.ibm.security.krb5.internal.ccache.d.a(d.java:12)
                    at
com.ibm.security.krb5.internal.ccache.e.c(e.java:43)
                    at
com.ibm.security.krb5.internal.ccache.d.a(d.java:26)
.

Local fix

  • Use only IBM Java to create and manage the credentials cache
file.

Problem summary

  • Loading a version 4 format credentials cache file which contains
"config entries" data results in an
            java.lang.IllegalArgumentException.  Version 4
format files may contain "Credential cache configuration
entries" with
            a ticket field that is not (usually) a valid
encoding of a Kerberos ticket.
            An implementation must not treat the cache file as
malformed if it cannot decode the ticket field.
            Refer to
https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_
format.html#credential-cache-configuration-entries
            for information on "Credential cache configuration
entries".

Problem conclusion

  • A fix is made to IBMJGSS/ibmjgssprovider.jar
            The associated Hursley RTC Problem Report is 153351
            The associated Austin git issue IBMJGSS#142
            JVMs affected: Java 8
            The fix was delivered for Java 8SR8FP60 The affected
jar is "ibmjgssprovider.jar".
            The build level of this jar for the affected
releases is "20251119-561"

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
   8    SR8 FP60  (8.0.8.60)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
  - IBM Semeru Runtimes, Version 11 and later
    https://www.ibm.com/semeru-runtimes/downloads/
  - IBM SDK, Java Technology Edition, Version 8
    https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
  - Java SDK Products on z/OS
    https://www.ibm.com/support/pages/java-sdk-products-zos

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ56810
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-11-21
    • 

  • Closed date
    2025-11-21
    • 

  • Last modified date
    2025-11-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            21 November 2025
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback