[ 
https://issues.apache.org/jira/browse/DIRKRB-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16144914#comment-16144914
 ] 

Jiajia Li commented on DIRKRB-615:
----------------------------------

[~jzhuge], I've tested: there is no problem on CentOS, and I see the same 
problem on Mac. By default Heimdal will attempt to communicate with the KDC 
over UDP, and won't retry over TCP after UDP fails. It's an issue on the 
client side, so I suggest you use the Kerby kinit.

> Can not connect to TCP simplekdc server
> ---------------------------------------
>
>                 Key: DIRKRB-615
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-615
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2
>         Environment: $ mvn -version
> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 
> 2015-11-10T08:41:47-08:00)
> Maven home: /Users/jzhuge/apache-maven-3.3.9
> Java version: 1.8.0_131, vendor: Oracle Corporation
> Java home: 
> /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "mac os x", version: "10.12.6", arch: "x86_64", family: "mac"
> $ sw_vers
> ProductName:  Mac OS X
> ProductVersion:       10.12.6
> BuildVersion: 16G29
>            Reporter: John Zhuge
>            Assignee: Jiajia Li
>
> Started a simplekdc server which generated the following krb5.conf:
> {code}
> [libdefaults]
>     kdc_realm = EXAMPLE.COM
>     default_realm = EXAMPLE.COM
>     udp_preference_limit = 1
>     kdc_tcp_port = 10088
>     #_KDC_UDP_PORT_
> [realms]
>     EXAMPLE.COM = {
>         kdc = localhost:10088
>     }
> {code}
> But kinit failed to connect to simplekdc server on Mac:
> {noformat} 
> $ kinit jzhuge
> jzhuge@EXAMPLE.COM's password: 
> kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM, 
> tried 1 KDC
> {noformat}
> Wireshark showed kinit used UDP, while simplekdc was configured with TCP. 
> Replaced the {{kdc}} option in krb5.conf with {{kdc = tcp/localhost:10088}}, 
> kinit was able to connect.
> Suggested fix:
> Add {{<service>/}} prefix to option {{kdc}} in the template 
> https://github.com/apache/directory-kerby/blob/trunk/kerby-kerb/kerb-simplekdc/src/main/resources/krb5-template.conf
>  and 
> https://github.com/apache/directory-kerby/blob/trunk/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp-template.conf.
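
The workaround from the report, as an added example that is not Kerby's code or part of the original thread: it rewrites bare {{kdc}} entries to {{tcp/host:port}} when a krb5.conf declares only a TCP port. The function names are hypothetical, the sample is the config quoted above, and the {{kdc_udp_port}} key name is an assumption about what the {{#_KDC_UDP_PORT_}} placeholder expands to.

```python
import re

# Constructed sample: the krb5.conf quoted in the issue description.
SAMPLE = """\
[libdefaults]
    kdc_realm = EXAMPLE.COM
    default_realm = EXAMPLE.COM
    udp_preference_limit = 1
    kdc_tcp_port = 10088
    #_KDC_UDP_PORT_
[realms]
    EXAMPLE.COM = {
        kdc = localhost:10088
    }
"""

KDC_LINE = re.compile(r"^(\s*kdc\s*=\s*)(\S+)\s*$")
# Transport prefixes Heimdal accepts in front of a kdc host.
PREFIX = re.compile(r"^(tcp|udp|http)/", re.IGNORECASE)

def tcp_only(conf: str) -> bool:
    """True when kdc_tcp_port is set and kdc_udp_port (assumed key name) is not."""
    keys = set()
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            keys.add(line.split("=", 1)[0].strip())
    return "kdc_tcp_port" in keys and "kdc_udp_port" not in keys

def pin_tcp(conf: str):
    """Return (new_conf, changed_line_numbers); only [realms] kdc entries are touched."""
    if not tcp_only(conf):
        return conf, []
    out, changed, section = [], [], None
    for n, line in enumerate(conf.splitlines(), 1):
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1].strip().lower()
        m = KDC_LINE.match(line)
        # Leave entries that already name a transport as they are.
        if section == "realms" and m and not PREFIX.match(m.group(2)):
            line = f"{m.group(1)}tcp/{m.group(2)}"
            changed.append(n)
        out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    fixed, lines = pin_tcp(SAMPLE)
    print(f"rewrote line(s) {lines}:\n{fixed}")
```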


