Kerberos Authentication Fails After Upgrade To 10.1

Article ID: 266134


Products

CA API Gateway

Issue/Introduction

After upgrading to 10.1 we started seeing Kerberos authentication failing with the following:

Could not process Kerberos token (Negotiate); error is 'KrbException: Encryption type RC4 with HMAC is not supported/enabled'

Environment

CA API Gateway 10.1

Cause

The upgrade to 10.1 also moves the Java JDK used by the gateway to 11.x, which applies much more stringent security measures and disables weaker encryption algorithms by default.

Resolution

To allow the use of those weaker encryption methods, set the following system property to true in the /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties file:

com.l7tech.server.krb5.allowWeakCrypto = true

This is also mentioned in our documentation here:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/reference/gateway-system-properties.html#concept.dita_4939a357af74cef7b69d943106e09891368d51c9_allowweakcrypto

You will then need to restart the gateway for the change to take effect.
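
One way to apply and verify the property change so that it is repeatable and leaves a backup, shown as an added example that is not part of the original article or of the product's tooling. The function names get_prop and set_prop are hypothetical, and the script assumes entries use the key = value (or key : value) form; the property name comes from the article.

```shell
#!/bin/sh
# Added example: read and idempotently set one key in a Java-style .properties file.
PROP_KEY='com.l7tech.server.krb5.allowWeakCrypto'   # property name from the article

# get_prop FILE KEY: print the effective (last) value of KEY, or nothing if unset.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # commented-out entries do not count
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next     # literal match, dots are not wildcards
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next     # reject longer keys sharing this prefix
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val }
    ' "$1"
}

# set_prop FILE KEY VALUE: leave exactly one active "KEY = VALUE" line in FILE.
set_prop() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ "$(get_prop "$file" "$key")" = "$value" ] && return 0   # already correct
    cp -p "$file" "$file.bak" || return 1                     # keep a rollback copy
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line !~ /^[#!]/ && index(line, key) == 1 &&
                substr(line, length(key) + 1) ~ /^[ \t]*[=:]/) next   # drop old value
            print
        }
        END { print key " = " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (path from the article):
#   set_prop /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties "$PROP_KEY" true
#   get_prop /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties "$PROP_KEY"
```

The same set_prop call with false, or restoring the .bak copy, reverts the setting once RC4 with HMAC is no longer needed; either change takes effect only after the gateway restart described above.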