Le 5/20/13 8:25 PM, Stefan Seelmann a écrit : > On 20.05.2013 09:42, Emmanuel Lécharny wrote: >> Le 5/20/13 8:54 AM, Stefan Seelmann a écrit : >>> Hi Emmanuel, >>> >>> On 20.05.2013 08:35, Emmanuel Lécharny wrote: >>>> So the problem appears to be that we create an entry which >>>> KerberosPrincipal is ldap/[email protected], but for some unknown >>>> reason, we are looking for an entry which kerberos principal is >>>> ldap/[email protected]. >>>> >>>> It looks like that there is some name resolution occuring somewhere on >>>> Mac OSX... Either we don't store the correct KerberosPrincipal, or we >>>> have a conversion we don't asked for. >>>> >>>> I'm investigating... >>>> >>> Please check the constructor of SaslBindIT. I remember that I added some >>> magic code to detect how the machine resolves 127.0.0.1 because Windows >>> 7 made some trouble. >> Yes, saw that. >> >> I just committed some code that fixes the issue on Mac OSX, it would be >> cool to check if it still works on windows and linux ! >> See >> >> http://svn.apache.org/r1484387 >> > On Windows two GSSAPI SASL bind tests fail: > https://builds.apache.org/job/dir-apacheds-jdk16-win/399/ > > > On my Linux machine the SaslBindIT.testSaslGssApiBind() fails also. If I > debug into TicketGrantingService,getRequestPrincipalEntry() the > tgsContext.getRequest().getKdcReqBody().getSName() contains > "localhost.localdomain". I checked my /etc/hosts and there I have the > following entry: > > 127.0.0.1 localhost.localdomain localhost > > > When I change that entry to the following the test works. > > 127.0.0.1 localhost > > > When I revert your commit the test also works as > InetAddress.getByName("127.0.0.1").getHostName() returns > "localhost.localdomain" > > > Can you please check your /etc/hosts if you have an entry for 127.0.0.1?
Here is what I have : 127.0.0.1 localhost > > More important: Somewhere in the production code the IP 127.0.0.1 is > resolved to "localhost.localdomain" or whatever /etc/hosts contains. > Where does that happen? Does the KRB client does that and sends the > resolved name to the server? Or does the server resolve the name when a > connection is made? In the end the principal name contains > "localhost.localdomain". I think to have a stable test the test setup > needs to use the same mechanism to lookup the hostname as the production > code. The thing is that I think that the conversion to ldaphost is done internaly but some of the JDK code. It was working fine before I upgraded my JVM. This is not cristal clear to me... I will investigate more deeply tomorrow. Thanks for the feedback Stefan ! -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
