Cause 1: The password entered is incorrect.

Solution 1: Verify the password.

Cause 2: If you are using the keytab to get the key (e.g., by setting the useKeyTab option to true in the Krb5LoginModule entry in the JAAS login configuration file), then the key might have changed since you updated the keytab.

Solution 2: Consult your Kerberos documentation to generate a new keytab and use that keytab.

Cause 3: Clock skew - If the time on the KDC and on the client differ significanlty (typically 5 minutes), this error can be returned.

Solution 3: Synchronize the clocks (or have a system administrator do so).

Cause 4: The Kerberos realm name is not all uppercase.

Solution 4: Make the Kerberos realm name all uppercase. Note: It is recommended to have all uppercase realm names. For details, refer to the Naming Conventions for the Realm Names and Hostnames section of this tutorial.