You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* "GSSException: Failure unspecified at GSS-API level (Mechanism level: No Kerberos credentials available)"
There is no active credential. Check with klist that there is an existing credential. If not create it with the "kinit" command
* "java.sql.SQLInvalidAuthorizationSpecException: Could not connect: GSSAPI name mismatch, requested '[email protected]', actual name '[email protected]'"
There is an existing credential, but doesn't correspond to the connection user.
example :
if user is created with a command like
```script
CREATE USER userOne@'%' IDENTIFIED WITH gssapi AS '[email protected]';
```
klist must show the same principal ([email protected] in this example)
* "GSSException: No valid credentials provided (Mechanism level: Clock skew too great (37))". The Kerberos protocol requires the time of the client
and server to match: if the system clocks of the client does not match that of the KDC server, authentication will fail with this kind of error.
The simplest way to synchronize the system clocks is to use a Network Time Protocol (NTP) server.
