VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ56810

⇱ IJ56810: KERBEROS ILLEGALARGUMENTEXCEPTION: ENCRYPTIONKEY: KEY BYTES CANNOT BE NULL! READING VERSION 4 CREDENTIALS CACHE FILE

IJ56810: KERBEROS ILLEGALARGUMENTEXCEPTION: ENCRYPTIONKEY: KEY BYTES CANNOT BE NULL! READING VERSION 4 CREDENTIALS CACHE FILE

APAR status

  • Closed as program error.

Error description

  • Error Message: Caused by: org.ietf.jgss.GSSException, major
code: 13, minor code: -1
 major string: Invalid credentials
 minor string: Attempt to obtain new INITIATE
credentials failed! (null)
.
Stack Trace: Exception in thread "main"
java.lang.IllegalArgumentException: EncryptionKey: Key bytes
cannot be null!
 at
com.ibm.security.krb5.EncryptionKey.<init>(EncryptionKey.java:25
9)
 at
com.ibm.security.krb5.internal.ccache.a.j(a.java:154)
 at
com.ibm.security.krb5.internal.ccache.a.q(a.java:39)
 at
com.ibm.security.krb5.internal.ccache.d.a(d.java:12)
 at
com.ibm.security.krb5.internal.ccache.e.c(e.java:43)
 at
com.ibm.security.krb5.internal.ccache.d.a(d.java:26)
.

Local fix

  • Use only IBM Java to create and manage the credentials cache
file.

Problem summary

  • Loading a version 4 format credentials cache file which contains
"config entries" data results in an
 java.lang.IllegalArgumentException. Version 4
format files may contain "Credential cache configuration
entries" with
 a ticket field that is not (usually) a valid
encoding of a Kerberos ticket.
 An implementation must not treat the cache file as
malformed if it cannot decode the ticket field.
 Refer to
https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_
format.html#credential-cache-configuration-entries
 for information on "Credential cache configuration
entries".

Problem conclusion

  • A fix is made to IBMJGSS/ibmjgssprovider.jar
 The associated Hursley RTC Problem Report is 153351
 The associated Austin git issue IBMJGSS#142
 JVMs affected: Java 8
 The fix was delivered for Java 8SR8FP60 The affected
jar is "ibmjgssprovider.jar".
 The build level of this jar for the affected
releases is "20251119-561"

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
 8 SR8 FP60 (8.0.8.60)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
 - IBM Semeru Runtimes, Version 11 and later
 https://www.ibm.com/semeru-runtimes/downloads/
 - IBM SDK, Java Technology Edition, Version 8
 https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ56810
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-11-21
    • 

  • Closed date
    2025-11-21
    • 

  • Last modified date
    2025-11-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 21 November 2025