Bolke de Bruin created DIRKRB-614:
-------------------------------------
Summary: Kerby (simplekdc) errors on extra PADATA send by MIT kvno
Key: DIRKRB-614
URL: https://issues.apache.org/jira/browse/DIRKRB-614
Project: Directory Kerberos
Issue Type: Bug
Affects Versions: 1.0.0-RC2
Environment: SimpleKDC
Reporter: Bolke de Bruin
I am using simplekdc wrapped in an application to allow CI for Apache Airflow.
While testing I found out that on my development system (OS X - Heimdal with
MIT Shim) everything worked fine, but when moving over to the CI (MIT) system
it stopped working with the following error.
`
2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error
occured while processing request:
org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
at
org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
`
Digging in with Wireshark showed that the MIT libraries are sending extra
PAData which makes Kerby not respond (Wireshark records this as "Unknown 136").
This behavior can be replicated by using "kvno".
Heimdal on OSX does not send this and gets a response.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
