[
https://issues.apache.org/jira/browse/DIRSERVER-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated DIRSERVER-2327:
-------------------------------------------
Key: DIRSERVER-2327 (was: DIRKRB-744)
Project: Directory ApacheDS (was: Directory Kerberos)
> Add possibility to use custom ReplayCache implementation
> --------------------------------------------------------
>
> Key: DIRSERVER-2327
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2327
> Project: Directory ApacheDS
> Issue Type: Improvement
> Reporter: Josef Cacek
> Priority: Major
>
> Add the possibility to configure the ReplayCache implementation (or disable
> replay cache) in KDC.
> When the KdcServer is used in embedded tests, and tests run in parallel, they
> intermittently fail with "Request is a replay (34) - Request is a replay".
> I saw the problematic behavior in JBoss AS testsuite:
> [https://issues.redhat.com/browse/JBPAPP-10974]
>
> And also in Hazelcast Enterprise tests:
> [https://github.com/hazelcast/hazelcast-enterprise/issues/3646]
>
> JBoss resolves it by injecting dummy ReplayCache implementation by using
> reflection: [https://source.jboss.org/changelog/JBossAS6?cs=114679&_sscc=t]
>
> We will probably disable parallel test execution in Hazelcast to workaround
> it.
> It would be great to have a possibility to configure the implementing class
> in the {{@CreateKdcServer annotation.}}
> h3. {{Stacktrace from a failing test}}
>
> {{KrbException: Request is a replay (34) - Request is a replayKrbException:
> Request is a replay (34) - Request is a replay at
> java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at
> java.security.jgss/sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:250)
> at
> java.security.jgss/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:261)
> at
> java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
> at
> java.security.jgss/sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
> at
> java.security.jgss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
> at
> java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695)
> at
> java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:265)
> at
> java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
> at
> com.hazelcast.security.impl.KerberosCredentialsFactory.createTokenCredentials(KerberosCredentialsFactory.java:163)
> at
> com.hazelcast.security.impl.KerberosCredentialsFactory.lambda$0(KerberosCredentialsFactory.java:127)
> at java.base/java.security.AccessController.doPrivileged(Native Method) at
> java.base/javax.security.auth.Subject.doAs(Subject.java:361) at
> com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:127)
> at
> com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:148)
> at
> com.hazelcast.security.loginimpl.GssApiLoginModuleTest.getKerberosCredentials(GssApiLoginModuleTest.java:169)
> at
> com.hazelcast.security.loginimpl.GssApiLoginModuleTest.testCutOffRealmFromName(GssApiLoginModuleTest.java:132)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:564) at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
> at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
> at
> com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:114)
> at
> com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:1)
> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at
> java.base/java.lang.Thread.run(Thread.java:844)Caused by: KrbException:
> Identifier doesn't match expected value (906) at
> java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at
> java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at
> java.security.jgss/sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
> at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
> ... 28 more}}{{ }}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
