Hi Kai, Thanks for your response. I have a test-case of sorts that shows the interop failure (although I can't reproduce the issue I reported yesterday about the preauthentication data).
https://github.com/coheigea/testcases/tree/master/apache/cxf/cxf-kerberos-kerby Run it with "mvn clean install". You may need the install the parent module as well before running this, which is one level up. The test sets up a Kerby server, and I have a @Ignore'd test using Kerby client API to successfully communicate with it. Then I have a Apache CXF-based test which uses the Kerberos functionality here (based on GSS) to get a service ticket. If I put printStackTrace in the DefaultKdcHandler the output looks like: Loaded from Java config >>> KdcAccessibility: reset >>> KdcAccessibility: reset Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 18 17 16 23 1 3. >>> KrbAsReq creating message >>> KrbKdcReq send: kdc=127.0.0.1 TCP:9002, timeout=30000, number of retries =3, #bytes=169 >>> KDCCommunication: kdc=127.0.0.1 TCP:9002, timeout=30000,Attempt =1, #bytes=169 java.net.SocketTimeoutException: Read timed out at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:152) at java.net.SocketInputStream.read(SocketInputStream.java:122) at java.net.SocketInputStream.read(SocketInputStream.java:210) at java.io.DataInputStream.readInt(DataInputStream.java:387) at org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54) at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) >>>DEBUG: TCPClient could not read length field >>> KrbKdcReq send: #bytes read=0 Any ideas? Colm. On Tue, Apr 21, 2015 at 12:09 AM, Zheng, Kai <[email protected]> wrote: > Hi Colm, > > > > We haven’t any test for GSS client against Kerby yet, though we do have > tests in protocol level for ApReq (in kerb-core-test module). We might look > at existing ApacheDS Kerberos codes to see if any such end to end tests to > port. > > > > You’re right, current UDP support for KdcNetwork and NettyKdcNetwork are > to be done yet. I originally got them done some days ago, but recently I > was extremely busy with other projects, so kinds of delayed. Sure JIRAs > would be good to record them. > > > > For the issue you ran into, do you have test codes to repeat it, so we may > have the chance to look at it? Thanks. > > > > Regards, > > Kai > > > > *From:* Colm O hEigeartaigh [mailto:[email protected]] > *Sent:* Monday, April 20, 2015 10:40 PM > *To:* Apache Directory Developers List > *Subject:* Kerby GSS tests? > > > > Hi all, > > > > Are there any tests in the source (or has anyone successfully tested) a > Java GSS client -> Apache Kerby? > > The first issue I ran into was that neither the KdcNetwork nor the > NettyKdcNetwork work with UDP. Is there a JIRA for this (or any plans to > fix it)? > > I could work around the above by setting "udp_preference_limit = 1". > However, I then run into an issue where it fails due to no > pre-authentication data in the request. Are we sure that this parsing is > working correctly? > > Colm. > > > > -- > > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
