[
https://issues.apache.org/jira/browse/DIRKRB-614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bolke de Bruin updated DIRKRB-614:
----------------------------------
Description:
I am using simplekdc wrapped in an application to allow CI for Apache Airflow.
While testing I found out that on my development system (OS X - Heimdal with
MIT Shim) everything worked fine, but when moving over to the CI (MIT) system
it stopped working with the following error.
{code}
2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error
occured while processing request:
org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
at
org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
at
org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:168)
at
org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:115)
at
org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.handleMessage(DefaultKdcHandler.java:67)
at
org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:52)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Unexpected item context [0] [tag=0xA0, off=0,
len=3+198], expecting 0x30
at
org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:210)
at
org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:197)
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:83)
... 9 more
{code}
Digging in with Wireshark showed that the MIT libraries are sending extra
PAData which makes Kerby not respond (Wireshark records this as "Unknown 136").
This behavior can be replicated by using "kvno".
Heimdal on OSX does not send this and gets a response.
was:
I am using simplekdc wrapped in an application to allow CI for Apache Airflow.
While testing I found out that on my development system (OS X - Heimdal with
MIT Shim) everything worked fine, but when moving over to the CI (MIT) system
it stopped working with the following error.
`
2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error
occured while processing request:
org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
at
org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
`
Digging in with Wireshark showed that the MIT libraries are sending extra
PAData which makes Kerby not respond (Wireshark records this as "Unknown 136").
This behavior can be replicated by using "kvno".
Heimdal on OSX does not send this and gets a response.
> Kerby (simplekdc) errors on extra PADATA send by MIT kvno
> ----------------------------------------------------------
>
> Key: DIRKRB-614
> URL: https://issues.apache.org/jira/browse/DIRKRB-614
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 1.0.0-RC2
> Environment: SimpleKDC
> Reporter: Bolke de Bruin
>
> I am using simplekdc wrapped in an application to allow CI for Apache Airflow.
> While testing I found out that on my development system (OS X - Heimdal with
> MIT Shim) everything worked fine, but when moving over to the CI (MIT) system
> it stopped working with the following error.
> {code}
> 2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error
> occured while processing request:
> org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
> at
> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
> at
> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:168)
> at
> org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:115)
> at
> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.handleMessage(DefaultKdcHandler.java:67)
> at
> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:52)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: Unexpected item context [0] [tag=0xA0, off=0,
> len=3+198], expecting 0x30
> at
> org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:210)
> at
> org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:197)
> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:83)
> ... 9 more
> {code}
> Digging in with Wireshark showed that the MIT libraries are sending extra
> PAData which makes Kerby not respond (Wireshark records this as "Unknown
> 136"). This behavior can be replicated by using "kvno".
> Heimdal on OSX does not send this and gets a response.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
