On 22 nov. 2011, at 14:56, Alex Karasulu wrote: > On Tue, Nov 22, 2011 at 3:14 PM, Pierre-Arnaud Marcelot <[email protected]> > wrote: >> On 22 nov. 2011, at 14:11, Alex Karasulu wrote: >> >> On Tue, Nov 22, 2011 at 3:04 PM, Pierre-Arnaud Marcelot <[email protected]> >> wrote: >>> >>> Hi Alex, >>> >>> I remember having dealt with something similar recently with a user on >>> IRC. >>> >>> Turns out its /etc/krb5.conf file contained wrong values, if I recall >>> correctly. >>> >>> You might also make sure you have the 'krb5-user' package installed via >>> apt-get. >>> >> >> Hey thanks for the heads up and I did this installing all the packages >> needed yet got the same error in the end. :/ >> I even restarted my session just in case something was getting cached in the >> env. >> Any other ideas? >> >> What's the content of your krb5.conf file? >> Regards, >> Pierre-Arnaud > > Seems I have some commented out encryption types here: > > # Thie only time when you might need to uncomment these lines and change > # the enctypes is if you have local software that will break on ticket > # caches containing ticket encryption types it doesn't know about (such as > # old versions of Sun Java). > > # default_tgs_enctypes = des3-hmac-sha1 > # default_tkt_enctypes = des3-hmac-sha1 > # permitted_enctypes = des3-hmac-sha1 > > Did you add any to the default enc types to get this working?
ApacheDS's default (and maybe only supported?) encryption types are 'des-cbc-md5'. Maybe it has something to do with that. I don't know which one is used on Mac OS X… I don't have any file under '/etc/krb5.conf'. Yet again, some OS X specific things here... > Even if this fixes this issue shouldn't we really leave this test for > runs in controlled environments so users don't see things blow up > without the proper configuration? > > Maybe we should have a profile specifically for tests run in our CI > environment verses when users run the tests? Probably, as it seems to commonly fail on a latest version of Ubuntu (since you're not the only one to report this). Regards, Pierre-Arnaud > Thanks, > Alex > >> Thanks, >> Alex >> >>> >>> On 22 nov. 2011, at 13:54, Alex Karasulu wrote: >>> >>>> Hi all, >>>> >>>> Seems I'm getting the following failure with the kerberos-test module in >>>> the apacheds trunk due to a lack of supported encryption types when using >>>> the JDK Krb5 login module. The build is on an Ubuntu machine: >>>> >>>> akarasulu@stein:~$ cat /etc/lsb-release >>>> DISTRIB_ID=Ubuntu >>>> DISTRIB_RELEASE=11.10 >>>> DISTRIB_CODENAME=oneiric >>>> DISTRIB_DESCRIPTION="Ubuntu 11.10" >>>> >>>> with the following Maven + Java setup: >>>> >>>> akarasulu@stein:~$ mvn -v >>>> Apache Maven 3.0.3 (r1075438; 2011-02-28 19:31:09+0200) >>>> Maven home: /opt/tools/maven/default >>>> Java version: 1.6.0_26, vendor: Sun Microsystems Inc. >>>> Java home: /usr/lib/jvm/java-6-sun-1.6.0.26/jre >>>> Default locale: en_US, platform encoding: UTF-8 >>>> OS name: "linux", version: "3.0.0-12-generic", arch: "amd64", family: >>>> "unix" >>>> >>>> Here's the failing test: >>>> >>>> >>>> org.apache.directory.server.kerberos.kdc.KerberosTcpITest.testObtainTickets_AES256() >>>> >>>> ... and the stack trace ... >>>> >>>> <testcase time="0.05" >>>> classname="org.apache.directory.server.kerberos.kdc.KerberosTcpITest" >>>> name="testObtainTickets_AES256"> >>>> <error message="No supported encryption types listed in >>>> default_tkt_enctypes" >>>> type="javax.security.auth.login.LoginException">javax.security.auth.login.LoginException: >>>> No supported encryption types listed in default_tkt_enctypes >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>> at >>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) >>>> at >>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) >>>> at >>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) >>>> at java.security.AccessController.doPrivileged(Native Method) >>>> at >>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) >>>> at >>>> javax.security.auth.login.LoginContext.login(LoginContext.java:579) >>>> at >>>> org.apache.directory.server.kerberos.kdc.KerberosTestUtils.obtainTGT(KerberosTestUtils.java:295) >>>> at >>>> org.apache.directory.server.kerberos.kdc.AbstractKerberosITest.testObtainTickets(AbstractKerberosITest.java:121) >>>> at >>>> org.apache.directory.server.kerberos.kdc.KerberosTcpITest.testObtainTickets_AES256(KerberosTcpITest.java:130) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> >>>> SNIP ... >>>> >>>> Caused by: KrbException: No supported encryption types listed in >>>> default_tkt_enctypes >>>> at >>>> sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:221) >>>> at sun.security.krb5.KrbAsReq.init(KrbAsReq.java:335) >>>> at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:259) >>>> at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:61) >>>> at >>>> sun.security.krb5.Credentials.sendASRequest(Credentials.java:391) >>>> at >>>> sun.security.krb5.Credentials.acquireTGT(Credentials.java:350) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662) >>>> ... 49 more >>>> >>>> So what should we do because this test will always fail on this Jvm? >>>> Should I just ignore it until a reliable test is created? >>>> >>>> -- >>>> Best Regards, >>>> -- Alex >>>> >>> >> >> >> >> -- >> Best Regards, >> -- Alex >> >> > > > > -- > Best Regards, > -- Alex
