Added "EXAMPLE.COM localhost" to /etc/hosts so now I can ping EXAMPLE.COM, but still no luck.

I did notice that when I call kdcServer.isStarted() in my test, it will always return false. It seems that the method kdcServer.start(); is not correctly setting the started flag. I tried manually kdcServer.stop(); then kdcServer.start(); as another check.

Is there any way to connect to the kdc other than just trying to kinit?

Any other thoughts?

On Thu, Apr 10, 2014 at 4:57 AM, Kiran Ayyagari <[email protected]> wrote:

> On Thu, Apr 10, 2014 at 1:14 AM, Josh Clum <[email protected]> wrote:
>
>> Hi,
>>
>> I'm trying to set up an IT for one of my classes that inherits from using
>> the AbstractKerberosITest inside of apacheds-kerberos-test.
>>
>> Here are the annotations on my class:
>>
>> @RunWith(FrameworkRunner.class)
>> @CreateDS(name = "KerberosTcpIT-class",
>>     partitions = {
>>         @CreatePartition(name = "example", suffix = "dc=example,dc=com")},
>>     additionalInterceptors = { KeyDerivationInterceptor.class })
>> @CreateLdapServer(transports = { @CreateTransport(protocol = "LDAP") })
>> @CreateKdcServer(transports = { @CreateTransport( protocol = "TCP",
>>     port = 6089) })
>> @ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
>>
>> AbstractKerberosITest generates a krb5.conf that looks like this:
>>
>> [libdefaults]
>>     default_realm = EXAMPLE.COM
>>     default_tkt_enctypes = des3-cbc-sha1
>>     default_tgs_enctypes = des3-cbc-sha1
>>     permitted_enctypes = des3-cbc-sha1
>>     default-checksum_type = hmac-sha1-des3
>>     udp_preference_limit = 1
>> [realms]
>>     EXAMPLE.COM = {
>>         kdc = localhost:6089
>>     }
>> [domain_realm]
>>     .example.com = EXAMPLE.COM
>>     example.com = EXAMPLE.COM
>>
>> To kinit, I'm using this command (hnelson is automatically added by
>> AbstractKerberosITest):
>>
>> env KRB5_CONFIG=/path/to/krb5.conf kinit -k -t /path/to/hnelson.keytab
>> [email protected]
>>
>> And I get this error:
>>
>> kinit: krb5_get_init_creds: unable to reach any KDC in realm
>> EXAMPLE.COM
>>
>> The kdc seems to be running just fine:
>>
>> ➜ ~ lsof -i :6089
>> COMMAND   PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
>> java    98545 clumjo 201u  IPv6 0x3b381b5f4ac2a677      0t0  TCP localhost:6089 (LISTEN)
>> ➜ ~ telnet localhost 6089
>> Trying ::1...
>> telnet: connect to address ::1: Connection refused
>> Trying 127.0.0.1...
>> Connected to localhost.
>>
>> Do you have any thoughts as to what might be wrong?
>
> nope, am able to get the ticket using the same config (but with a
> standalone server)
> looks like some DNS issue, can you map EXAMPLE.COM to loopback address
> in your hosts file and see
>
>> Thanks,
>>
>> Josh
>
> --
> Kiran Ayyagari
> http://keydap.com
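
The telnet output quoted above shows `localhost` resolving to both `::1` and `127.0.0.1`, with a different result for each. The following is an added example, not code from either poster or from ApacheDS: it reads the `kdc =` entries for a realm out of a krb5.conf and tries a TCP connect to every address each entry resolves to. The function names `kdc_endpoints` and `probe_tcp` are hypothetical, and plain `host[:port]` entries are assumed.

```python
import re
import socket

# Constructed sample, trimmed from the krb5.conf quoted in the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = localhost:6089
    }
"""

def kdc_endpoints(conf_text, realm):
    """Return [(host, port)] for every 'kdc =' line inside the realm's block."""
    block = re.search(r"^\s*%s\s*=\s*\{(.*?)\}" % re.escape(realm),
                      conf_text, re.S | re.M)
    if not block:
        return []
    endpoints = []
    for value in re.findall(r"^\s*kdc\s*=\s*(\S+)", block.group(1), re.M):
        host, _, port = value.rpartition(":")
        if not host:  # no port in the entry: fall back to the Kerberos default, 88
            host, port = value, "88"
        endpoints.append((host, int(port)))
    return endpoints

def probe_tcp(host, port, timeout=2.0):
    """TCP-connect to each address the host resolves to; return {address: result}."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {host: "resolve failed: %s" % exc}
    results = {}
    for family, socktype, proto, _, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            results[sockaddr[0]] = "connected"
        except OSError as exc:  # refused, timed out, or address family unavailable
            results[sockaddr[0]] = "failed: %s" % (exc.strerror or exc)
    return results

if __name__ == "__main__":
    for host, port in kdc_endpoints(SAMPLE_KRB5_CONF, "EXAMPLE.COM"):
        for addr, status in probe_tcp(host, port).items():
            print("%s:%d via %s -> %s" % (host, port, addr, status))
```

A per-address result makes it visible when a listener is reachable on one loopback address but not the other, which a single `kinit` error message does not distinguish.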
