Actually I spoke too soon, I do know how to reproduce the
"pre-authentication" error. Simply uncomment the line
"kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl());" in the test. If I
put a printStackTrace in the NettyKdcServerImpl, I see:
Error occured while processing request:Generic error (description in e-text)
SocketTimeOutException with attempt: 2
>>> KDCCommunication: kdc=127.0.0.1 TCP:9002, timeout=30000,Attempt =3,
#bytes=169
Apr 21, 2015 11:33:05 AM io.netty.util.internal.logging.Slf4JLogger info
INFO: [id: 0xea7673e9, /0:0:0:0:0:0:0:0:9002] RECEIVED: [id: 0xbfe95a70, /
127.0.0.1:43973 => /127.0.0.1:9002]
org.apache.kerby.kerberos.kerb.KrbErrorException: Generic error
(description in e-text)
at
org.apache.kerby.kerberos.kerb.server.request.KdcRequest.preauth(KdcRequest.java:255)
at
org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:94)
at
org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:77)
Colm.
On Tue, Apr 21, 2015 at 11:29 AM, Colm O hEigeartaigh <[email protected]>
wrote:
> Hi Kai,
>
> Thanks for your response. I have a test-case of sorts that shows the
> interop failure (although I can't reproduce the issue I reported yesterday
> about the preauthentication data).
>
>
> https://github.com/coheigea/testcases/tree/master/apache/cxf/cxf-kerberos-kerby
>
> Run it with "mvn clean install". You may need the install the parent
> module as well before running this, which is one level up.
>
> The test sets up a Kerby server, and I have a @Ignore'd test using Kerby
> client API to successfully communicate with it. Then I have a Apache
> CXF-based test which uses the Kerberos functionality here (based on GSS) to
> get a service ticket. If I put printStackTrace in the DefaultKdcHandler the
> output looks like:
>
> Loaded from Java config
> >>> KdcAccessibility: reset
> >>> KdcAccessibility: reset
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> >>> KrbAsReq creating message
> >>> KrbKdcReq send: kdc=127.0.0.1 TCP:9002, timeout=30000, number of
> retries =3, #bytes=169
> >>> KDCCommunication: kdc=127.0.0.1 TCP:9002, timeout=30000,Attempt =1,
> #bytes=169
> java.net.SocketTimeoutException: Read timed out
> at java.net.SocketInputStream.socketRead0(Native Method)
> at java.net.SocketInputStream.read(SocketInputStream.java:152)
> at java.net.SocketInputStream.read(SocketInputStream.java:122)
> at java.net.SocketInputStream.read(SocketInputStream.java:210)
> at java.io.DataInputStream.readInt(DataInputStream.java:387)
> at
> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54)
> at
> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> >>>DEBUG: TCPClient could not read length field
> >>> KrbKdcReq send: #bytes read=0
>
> Any ideas?
>
> Colm.
>
> On Tue, Apr 21, 2015 at 12:09 AM, Zheng, Kai <[email protected]> wrote:
>
>> Hi Colm,
>>
>>
>>
>> We haven’t any test for GSS client against Kerby yet, though we do have
>> tests in protocol level for ApReq (in kerb-core-test module). We might look
>> at existing ApacheDS Kerberos codes to see if any such end to end tests to
>> port.
>>
>>
>>
>> You’re right, current UDP support for KdcNetwork and NettyKdcNetwork are
>> to be done yet. I originally got them done some days ago, but recently I
>> was extremely busy with other projects, so kinds of delayed. Sure JIRAs
>> would be good to record them.
>>
>>
>>
>> For the issue you ran into, do you have test codes to repeat it, so we
>> may have the chance to look at it? Thanks.
>>
>>
>>
>> Regards,
>>
>> Kai
>>
>>
>>
>> *From:* Colm O hEigeartaigh [mailto:[email protected]]
>> *Sent:* Monday, April 20, 2015 10:40 PM
>> *To:* Apache Directory Developers List
>> *Subject:* Kerby GSS tests?
>>
>>
>>
>> Hi all,
>>
>>
>>
>> Are there any tests in the source (or has anyone successfully tested) a
>> Java GSS client -> Apache Kerby?
>>
>> The first issue I ran into was that neither the KdcNetwork nor the
>> NettyKdcNetwork work with UDP. Is there a JIRA for this (or any plans to
>> fix it)?
>>
>> I could work around the above by setting "udp_preference_limit = 1".
>> However, I then run into an issue where it fails due to no
>> pre-authentication data in the request. Are we sure that this parsing is
>> working correctly?
>>
>> Colm.
>>
>>
>>
>> --
>>
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
