The service key is obtained via the following code path:
<- EncryptionKey.acquireSecretKey(principal, keyTabName);
KeyTab.readServiceKey(principal) reads the *last* key entry from the
keytab that matches the service principal name supplied. It doesn't
check the keytype at that point, just records it. Later on, when
the key gets used, say, in EncryptedData:
EType etypeEngine = EType.getInstance(key.getEType());
It discovers that it doesn't have support for that keytype and then fails.
It seems that an appropriate fix would be to check in readServiceKey()
that the key being returned is one that can be supported instead
just getting the last key in the keytab.