Hi Kai,
If I enable UDP with the default Transport, I can get a ticket fine using
kinit. However then the following error pops up in the window I'm running
Kerby in (as a test):
Exception in thread "Thread-1" java.lang.RuntimeException: Error occured
while checking udp connections
at
org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:105)
at
org.apache.kerby.kerberos.kerb.transport.KdcNetwork.access$000(KdcNetwork.java:39)
at
org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1.run(KdcNetwork.java:75)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.nio.channels.ClosedChannelException
at
sun.nio.ch.DatagramChannelImpl.ensureOpen(DatagramChannelImpl.java:320)
at sun.nio.ch.DatagramChannelImpl.receive(DatagramChannelImpl.java:331)
at
org.apache.kerby.kerberos.kerb.transport.KdcNetwork.checkUdpMessage(KdcNetwork.java:132)
at
org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:101)
Colm.
On Fri, May 5, 2017 at 5:56 PM, Zheng, Kai <[email protected]> wrote:
> Colm, did you see udp problem now instead? I'm a little confused. Udp is
> sure supported but may not be enabled by default, which should be okay,
> imo. Thanks.
>
> Sent from iPhone
>
> > 在 2017年5月6日,上午12:02,Colm O hEigeartaigh <[email protected]> 写道:
> >
> > That's probably it. Why does the default transport not support UDP in
> Kerby?
> >
> > Colm.
> >
> >> On Fri, May 5, 2017 at 4:54 PM, Li, Jiajia <[email protected]> wrote:
> >>
> >> Are you sure add kdc_allow_udp = false in kdc.conf?
> >>
> >> Thanks
> >> Jiajia
> >>
> >> -----Original Message-----
> >> From: Colm O hEigeartaigh [mailto:[email protected]]
> >> Sent: Friday, May 5, 2017 11:41 PM
> >> To: Li, Jiajia <[email protected]>
> >> Cc: [email protected]; Zheng, Kai <[email protected]>;
> mailto:
> >> [email protected] <[email protected]>
> >> Subject: Re: MIT Kerberos compatibility
> >>
> >> Sorry, it was my error, UDP was actually enabled there. But why am I
> still
> >> seeing that error message?
> >>
> >> Colm.
> >>
> >>> On Fri, May 5, 2017 at 4:39 PM, Li, Jiajia <[email protected]>
> wrote:
> >>>
> >>> Hi Colm,
> >>> I also test the Kerby KDC with kerby kint and MIT kinit, and only
> >>> listen the tcp port(disable udp), both got ticket successfully. But I
> >>> don't get the error message. Both krb.conf and kdc.conf should set udp
> >>> to be false, udp is enabled in default.
> >>>
> >>> Thanks
> >>> Jiajia
> >>>
> >>> -----Original Message-----
> >>> From: Colm O hEigeartaigh [mailto:[email protected]]
> >>> Sent: Friday, May 5, 2017 11:34 PM
> >>> To: [email protected]
> >>> Cc: Zheng, Kai <[email protected]>; mailto:[email protected] <
> >>> [email protected]>
> >>> Subject: Re: MIT Kerberos compatibility
> >>>
> >>> Hi Jiajia,
> >>>
> >>> If UDP is disabled and we don't use Netty, I can get a token
> >>> successfully via kinit. However I then see an error message in the
> Kerby
> >> console:
> >>>
> >>> Exception in thread "Thread-1" java.lang.RuntimeException: Error
> >>> occured while checking udp connections
> >>> at
> >>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(
> >>> KdcNetwork.java:105)
> >>> at
> >>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.
> >>> access$000(KdcNetwork.java:39)
> >>> at
> >>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1.
> >>> run(KdcNetwork.java:75)
> >>> at java.lang.Thread.run(Thread.java:748)
> >>> Caused by: java.nio.channels.ClosedChannelException
> >>> at
> >>> sun.nio.ch.DatagramChannelImpl.ensureOpen(
> DatagramChannelImpl.java:320)
> >>> at sun.nio.ch.DatagramChannelImpl.receive(
> >>> DatagramChannelImpl.java:331)
> >>> at
> >>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.
> >>> checkUdpMessage(KdcNetwork.java:132)
> >>> at
> >>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(
> >>> KdcNetwork.java:101)
> >>>
> >>> I'm not sure why we are seeing UDP errors when it's disabled?
> >>>
> >>> Colm.
> >>>
> >>>> On Fri, May 5, 2017 at 3:57 PM, Li, Jiajia <[email protected]>
> wrote:
> >>>>
> >>>> Hi Colm,
> >>>> The shell client can't connect to kdc if the UDP is disabled.
> >>>> We don't use Netty in default.
> >>>> What's your test-cases? The same as the Marc's?
> >>>>
> >>>> Thanks
> >>>> Jiajia
> >>>>
> >>>> -----Original Message-----
> >>>> From: Colm O hEigeartaigh [mailto:[email protected]]
> >>>> Sent: Friday, May 5, 2017 10:09 PM
> >>>> To: [email protected]
> >>>> Cc: Zheng, Kai <[email protected]>; mailto:[email protected]
> >>>> < [email protected]>
> >>>> Subject: Re: MIT Kerberos compatibility
> >>>>
> >>>> Hi Jiajia,
> >>>>
> >>>> What are the issues if UDP is disabled and we don't use Netty? I
> >>>> tried doing this with my own test-cases and it didn't work, so it
> >>>> would be good to get this fixed soon.
> >>>>
> >>>> Colm.
> >>>>
> >>>> On Fri, May 5, 2017 at 2:46 PM, Li, Jiajia <[email protected]>
> >> wrote:
> >>>>
> >>>>> Hi Marc,
> >>>>>>>> - your KRB5 tracing looks quite different. What OS and
> >>>>>>>> mit-kerberos
> >>>>> version did you use?
> >>>>> I use mac os and the python version is 2.7.10
> >>>>>
> >>>>>>>> - your KRB5 tracing shows UDP comms between kerberos client and
> >>>>>>>> KDC,
> >>>>> despite the allowUDP = false setting
> >>>>>>>> in my test. I did this setting because I get different
> >>>>>>>> problems
> >>>>> without it, see the additional logs below. So,
> >>>>>>>> we must also be aware of networking problems at my side.
> >>>>> I enable the UDP and use netty network, there are some issues if
> >>>>> UDP disabled, you can create a JIRA for this and we can fix this
> >>>>> issue in the next release version.
> >>>>>
> >>>>> The changes in my side as following:
> >>>>>
> >>>>> protected boolean allowUdp() {
> >>>>> return true;
> >>>>> }
> >>>>> @Override
> >>>>> protected void prepareKdc() throws KrbException {
> >>>>> getKdcServer().setInnerKdcImpl(
> >>>>> new NettyKdcServerImpl(getKdcServer().getKdcSetting()));
> >>>>> super.prepareKdc();
> >>>>> }
> >>>>>
> >>>>> Here is log of MitIssueTest:
> >>>>> [INFO] Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
> >>>>> [nioEventLoopGroup-2-1] INFO
> >>>>> io.netty.handler.logging.LoggingHandler
> >>>>> -
> >>>>> [id: 0x2634fe6b] REGISTERED
> >>>>> [nioEventLoopGroup-2-1] INFO
> >>>>> io.netty.handler.logging.LoggingHandler
> >>>>> -
> >>>>> [id: 0x2634fe6b] BIND(0.0.0.0/0.0.0.0:53957)
> >>>>> [nioEventLoopGroup-2-1] INFO
> >>>>> io.netty.handler.logging.LoggingHandler -
> >>>>> [id: 0x2634fe6b, /0:0:0:0:0:0:0:0:53957] ACTIVE [main] INFO
> >>>>> org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl - Netty kdc
> >>>>> server started.
> >>>>> [nioEventLoopGroup-2-1] INFO
> >>>>> io.netty.handler.logging.LoggingHandler
> >>>>> -
> >>>>> [id: 0x2634fe6b, /0:0:0:0:0:0:0:0:53957] RECEIVED: [id:
> >>>>> 0xdac7228b, /
> >>>>> 127.0.0.1:53961 => /127.0.0.1:53957]
> >>>>> [defaultEventExecutorGroup-4-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest
> >>>>> - AS_REQ ISSUE: authtime 1493991123792,[email protected] for
> >>>>> krbtgt/ [email protected] [main] INFO
> >>>>> org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClien
> >>>>> t
> >>>>> - Send to kdc success.
> >>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.KrbClientBase -
> >>>>> Storing the tgt to the credential cache file.
> >>>>> [nioEventLoopGroup-5-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest
> >>>>> - The preauth data is empty.
> >>>>> [nioEventLoopGroup-5-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler
> >>>>> - KRB error occurred while processing request:Additional
> >>>>> pre-authentication required [nioEventLoopGroup-5-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest
> >>>>> - AS_REQ ISSUE: authtime
> >>>>> 1493991123859,test-service/[email protected]
> >>>>> for krbtgt/[email protected]
> >>>>> [nioEventLoopGroup-5-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.TgsRequest
> >>>>> - TGS_REQ ISSUE: authtime 1493991142850,drankye for test-service/
> >>>>> [email protected]
> >>>>>
> >>>>> Thanks
> >>>>> Jiajia
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: Zheng, Kai
> >>>>> Sent: Friday, May 5, 2017 7:46 PM
> >>>>> To: [email protected]; Li, Jiajia <[email protected]>
> >>>>> Subject: RE: MIT Kerberos compatibility
> >>>>>
> >>>>> Hi Marc,
> >>>>>
> >>>>> Looks like this is quite environment related, could you fire an
> >>>>> issue for this? I would suggest we target it to 1.1.0, which can
> >>>>> be done in
> >>>> June.
> >>>>>
> >>>>> Regards,
> >>>>> Kai
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: Marc de Lignie [mailto:[email protected]]
> >>>>> Sent: Friday, May 05, 2017 4:44 PM
> >>>>> To: Li, Jiajia <[email protected]>
> >>>>> Cc: [email protected]
> >>>>> Subject: Re: MIT Kerberos compatibility
> >>>>>
> >>>>> Hi Jiajia,
> >>>>>
> >>>>> Great to read that you made progress on this issue and to see a
> >>>>> working config at your side. Below, I list my progress below (with
> >>>>> trunk merged into my MitIssue branch), but I am afraid we are not
> >>>>> done
> >>>> yet.
> >>>>>
> >>>>> Things that stand out:
> >>>>>
> >>>>> - the kdc decoding error is solved, relative to the logs without
> >>>>> your patch
> >>>>>
> >>>>> - your KRB5 tracing looks quite different. What OS and
> >>>>> mit-kerberos version did you use?
> >>>>>
> >>>>> - your KRB5 tracing shows UDP comms between kerberos client and
> >>>>> KDC, despite the allowUDP = false setting in my test. I did this
> >>>>> setting because I get different problems without it, see the
> >>>>> additional logs below. So, we must also be aware of networking
> >> problems at my side.
> >>>>>
> >>>>> - the "Response was not from master KDC" msg is not relevant; it
> >>>>> disappears if you manually add master_kdc to the realms section of
> >>>>> the krb5.conf
> >>>>>
> >>>>> I have no idea how to proceed from here, so that is why I just
> >>>>> document the status at my side and ask about your - apparently
> >>>>> working -
> >>>> config.
> >>>>>
> >>>>> Cheers, Marc
> >>>>>
> >>>>>
> >>>>> KDC logging with allowUDP = false:
> >>>>>
> >>>>> [INFO] Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ
> >>> ISSUE:
> >>>>> authtime 1493970789075,[email protected] for
> >>>>> krbtgt/[email protected] [main] INFO
> >>>>> org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClien
> >>>>> t
> >>>>> - Send to kdc success.
> >>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.KrbClientBase -
> >>>>> Storing the tgt to the credential cache file.
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest - The
> >>>>> preauth data is empty.
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler
> >>>>> - KRB error occurred while processing request:Additional
> >>>>> pre-authentication required [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ
> >>> ISSUE:
> >>>>> authtime 1493970789108,test-service/[email protected] for krbtgt/
> >>>>> [email protected] [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest
> >>>>> - Found fast padata and starting to process it.
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest - Found
> >>>>> fast padata and starting to process it.
> >>>>>
> >>>>> Python script KRB5 tracing (MIT Kerberos 1.13.2 of Ubuntu Xenial)
> >>>>> with allowUDP = false:
> >>>>>
> >>>>> $ .
> >>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/
> >>>>> kerberos/kerb/server/MitIssueTest.sh
> >>>>> [25281] 1493970797.298753: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.298952: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.299106: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.299213: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.299323: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.299436: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.299545: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> [25281]
> >>>>> 1493970797.299654: Retrieving [email protected] from
> >>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >> result:
> >>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>> kerberos.authGSSClientInit successful [25281] 1493970797.299922:
> >>>>> Getting credentials [email protected] -> test-service/localhost@
> >>>>> using ccache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>> [25281] 1493970797.299945: Retrieving [email protected] ->
> >>>>> test-service/localhost@ from
> >>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>> with result:
> >>>>> -1765328243/Matching credential not found [25281] 1493970797.299959:
> >>>>> Retrying [email protected] -> test-service/[email protected] with
> >>>> result:
> >>>>> -1765328243/Matching credential not found [25281] 1493970797.299962:
> >>>>> Server has referral realm; starting with
> >>>>> test-service/[email protected] [25281]
> >>>>> 1493970797.299975: Retrieving [email protected] ->
> >>>>> krbtgt/[email protected] from
> >>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>> with result:
> >>>>> 0/Success [25281] 1493970797.299979: Starting with TGT for client
> >>> realm:
> >>>>> [email protected] -> krbtgt/[email protected] [25281]
> >>> 1493970797.299981:
> >>>>> Requesting tickets for test-service/[email protected], referrals
> >>>>> on [25281] 1493970797.299994: Generated subkey for TGS request:
> >>>>> aes128-cts/1B9B [25281] 1493970797.300009: etypes requested in TGS
> >>>> request:
> >>>>> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts,
> >>>>> camellia256-cts [25281] 1493970797.300054: Encoding request body
> >>>>> and padata into FAST request [25281] 1493970797.300080: Sending
> >>>>> request
> >>>>> (823 bytes) to TEST.COM [25281] 1493970797.300091: Resolving
> >>>>> hostname localhost [25281]
> >>>>> 1493970797.300136: Initiating TCP connection to stream
> >>>>> 127.0.0.1:34319
> >>>>> [25281] 1493970797.300191: Sending TCP request to stream
> >>>>> 127.0.0.1:34319 [25281] 1493970797.303610: Received answer (125
> >>>>> bytes) from stream
> >>>>> 127.0.0.1:34319
> >>>>> [25281] 1493970797.303618: Terminating TCP connection to stream
> >>>>> 127.0.0.1:34319
> >>>>> [25281] 1493970797.553126: Response was not from master KDC
> >>>>> [25281]
> >>>>> 1493970797.553198: TGS request result: -1765323383/Unknown code
> >>>>> krcM
> >>>>> 137 [25281] 1493970797.553234: Requesting tickets for
> >>>>> test-service/ [email protected], referrals off [25281]
> >> 1493970797.553273:
> >>>>> Generated subkey for TGS request: aes128-cts/94C6 [25281]
> >>> 1493970797.553323:
> >>>>> etypes requested in TGS request: aes256-cts, aes128-cts,
> >>>>> des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts [25281]
> >>>>> 1493970797.553436: Encoding request body and padata into FAST
> >>>>> request
> >>>> [25281] 1493970797.553532:
> >>>>> Sending request (823 bytes) to TEST.COM [25281] 1493970797.553567:
> >>>>> Resolving hostname localhost [25281] 1493970797.553745: Initiating
> >>>>> TCP connection to stream
> >>>>> 127.0.0.1:34319
> >>>>> [25281] 1493970797.553889: Sending TCP request to stream
> >>>>> 127.0.0.1:34319 [25281] 1493970797.558297: Received answer (125
> >>>>> bytes) from stream
> >>>>> 127.0.0.1:34319
> >>>>> [25281] 1493970797.558318: Terminating TCP connection to stream
> >>>>> 127.0.0.1:34319
> >>>>> [25281] 1493970797.561189: Response was not from master KDC
> >>>>> [25281]
> >>>>> 1493970797.561258: TGS request result: -1765323383/Unknown code
> >>>>> krcM
> >>>>> 137 ('First kerberos.authGSSClientStep not successful',
> >>>>> GSSError(('Unspecified GSS failure. Minor code may provide more
> >>>>> information', 851968), ('Unknown code krcM 137', -1765323383)))
> >>>>>
> >>>>>
> >>>>> KDC logging with allowUDP = true:
> >>>>>
> >>>>> [INFO] Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ
> >>> ISSUE:
> >>>>> authtime 1493972505784,[email protected] for
> >>>>> krbtgt/[email protected] [main] INFO
> >>>>> org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClien
> >>>>> t
> >>>>> - Send to kdc success.
> >>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.KrbClientBase -
> >>>>> Storing the tgt to the credential cache file.
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest - The
> >>>>> preauth data is empty.
> >>>>> [pool-1-thread-1] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler
> >>>>> - KRB error occurred while processing request:Additional
> >>>>> pre-authentication required [pool-1-thread-2] INFO
> >>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ
> >>> ISSUE:
> >>>>> authtime 1493972505948,test-service/[email protected] for krbtgt/
> >>>>> [email protected] Exception in thread "Thread-0"
> >>>>> java.lang.RuntimeException: Error occured while checking udp
> >>> connections
> >>>>> at
> >>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(
> >>>>> KdcNetwork.java:105)
> >>>>> at
> >>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.
> >>>>> access$000(KdcNetwork.java:39)
> >>>>> at
> >>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1.
> >>>>> run(KdcNetwork.java:75)
> >>>>> at java.lang.Thread.run(Thread.java:748)
> >>>>> Caused by: java.nio.channels.ClosedChannelException
> >>>>> at
> >>>>> sun.nio.ch.DatagramChannelImpl.ensureOpen(
> >>> DatagramChannelImpl.java:320)
> >>>>> at sun.nio.ch.DatagramChannelImpl.receive(
> >>>>> DatagramChannelImpl.java:331)
> >>>>> at
> >>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.
> >>>>> checkUdpMessage(KdcNetwork.java:132)
> >>>>> at
> >>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(
> >>>>> KdcNetwork.java:101)
> >>>>> ... 3 more
> >>>>>
> >>>>>
> >>>>> krb5.conf:
> >>>>>
> >>>>> [libdefaults]
> >>>>> kdc_realm = TEST.COM
> >>>>> default_realm = TEST.COM
> >>>>> udp_preference_limit = 4096
> >>>>> kdc_tcp_port = 37080
> >>>>> kdc_udp_port = 36525
> >>>>>
> >>>>> [realms]
> >>>>> TEST.COM = {
> >>>>> kdc = localhost:36525
> >>>>> }
> >>>>>
> >>>>> And port 36525 does not show up in `netstat -l` (while 37080 does)
> >>>>>
> >>>>>
> >>>>> Op 04-05-17 om 14:55 schreef Li, Jiajia:
> >>>>>> Hi Marc,
> >>>>>> I try to run your test(through applying your patch in the trunk)
> >>>>>> , I
> >>>>> think it's success now. Could you take some time to check about it?
> >>>>>> Here is the log:
> >>>>>>
> >>>>>> directory-kerby git:(trunk) ? .
> >>>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos
> >>>>>> /k
> >>>>>> er
> >>>>>> b/
> >>>>>> server/MitIssueTest.sh
> >>>>>> kerberos.authGSSClientInit successful
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: entypes not
> >>>>>> supported
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for krb5_ccache_conf_data/realm-config@X-CACHECONF:
> >>>>>> in cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for test-service/[email protected] in cache
> >>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for
> >>>>>> krb5_ccache_conf_data/negative-cache/test-service\134/localhost\
> >>>>>> 13
> >>>>>> 4@
> >>>>>> TE
> >>>>>> ST.COM@X-CACHECONF: in cache
> >>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for krb5_ccache_conf_data/lkdc-hostname@X-CACHECONF:
> >>>>>> in cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for krb5_ccache_conf_data/sitename@X-CACHECONF: in
> >>>>>> cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for test-service/[email protected] in cache
> >>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type
> >>>>>> des-cbc-md5-deprecated not supported
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type
> >>>>>> des-cbc-md4-deprecated not supported
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type
> >>>>>> des-cbc-crc-deprecated not supported
> >>>>>> 2017-05-04T20:44:06 Trying to find service kdc for realm
> >>>>>> TEST.COM flags 0
> >>>>>> 2017-05-04T20:44:06 configuration file for realm TEST.COM found
> >>>>>> 2017-05-04T20:44:06 submissing new requests to new host
> >>>>>> 2017-05-04T20:44:06 host_create: setting hostname localhost
> >>>>>> 2017-05-04T20:44:06 connecting to host: udp ::1:52534
> >>>>>> (localhost)
> >>> tid:
> >>>>>> 00000001
> >>>>>> 2017-05-04T20:44:06 host_create: setting hostname localhost
> >>>>>> 2017-05-04T20:44:06 Queuing host in future (in 3s), its the 2
> >>>>>> address on the same name: udp 127.0.0.1:52534 (localhost) tid:
> >>>>>> 00000002
> >>>>>> 2017-05-04T20:44:06 writing packet: udp ::1:52534 (localhost) tid:
> >>>>>> 00000001
> >>>>>> 2017-05-04T20:44:06 reading packet: udp ::1:52534 (localhost) tid:
> >>>>>> 00000001
> >>>>>> 2017-05-04T20:44:06 host completed: udp ::1:52534 (localhost) tid:
> >>>>>> 00000001
> >>>>>> 2017-05-04T20:44:06 krb5_sendto_context TEST.COM done: 0 hosts 1
> >>>>>> packets 1 wc: 0.048927 nr: 0.000932 kh: 0.000814 tid: 00000002
> >>>>>> 2017-05-04T20:44:06 tkt: extract key 17/763641F3
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328353: Decrypt integrity
> >>>>>> check failed for checksum type hmac-sha1-96-aes128, key type
> >>>>>> aes128-cts-hmac-sha1-96
> >>>>>> 2017-05-04T20:44:06 tkt: extract key 17/3084A95C
> >>>>>> 2017-05-04T20:44:06 krb5_get_credentials_with_flags: TEST.COM wc:
> >>>>>> 0.050317
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for krb5_ccache_conf_data/realm-config@X-CACHECONF:
> >>>>>> in cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find
> >>>>>> credential for
> >>>>>> krb5_ccache_conf_data/time-offset/test-service\134/
> >>> localhost\134@TEST.
> >>>>>> COM@X-CACHECONF: in cache
> >>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>> 2017-05-04T20:44:06 Setting up PFS for auth context
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type
> >>>>>> des-cbc-md5-deprecated not supported
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type
> >>>>>> des-cbc-md4-deprecated not supported
> >>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type
> >>>>>> des-cbc-crc-deprecated not supported First
> >>>>>> kerberos.authGSSClientStep successful
> >>>>>>
> >>>>>> Thanks
> >>>>>> Jiajia
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Zheng, Kai [mailto:[email protected]]
> >>>>>> Sent: Wednesday, May 3, 2017 7:29 PM
> >>>>>> To: [email protected]
> >>>>>> Subject: RE: MIT Kerberos compatibility
> >>>>>>
> >>>>>> Hi Marc,
> >>>>>>
> >>>>>> In case you're not aware of this, please check out the latest
> >>>>>> fix made
> >>>>> by Jiajia. We thought your case may be different, but would be
> >>>>> good to have a check before we can repeat/fix your case. Thanks.
> >>>>>> https://issues.apache.org/jira/browse/DIRKRB-625
> >>>>>>
> >>>>>> Regards,
> >>>>>> Kai
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Marc de Lignie [mailto:[email protected]]
> >>>>>> Sent: Sunday, April 30, 2017 7:45 PM
> >>>>>> To: [email protected]
> >>>>>> Subject: Re: MIT Kerberos compatibility
> >>>>>>
> >>>>>> Hi Kai,
> >>>>>>
> >>>>>> The terminal output below is for the latest MIT Kerberos 1.15.1
> >>>>>> (locally
> >>>>> built on Ubuntu Xenial). Before that, I also tested with the
> >>>>> default Xenial MIT Kerberos packages (1.13.2), with the same
> >>>>> result. I did not try earlier MIT Kerberos versions.
> >>>>>>
> >>>>>> Marc
> >>>>>>
> >>>>>> Op 29-04-17 om 21:42 schreef Marc de Lignie:
> >>>>>>> Hi Kai,
> >>>>>>>
> >>>>>>> Thanks for the response. I prepared a minimal config that
> >>>>>>> reproduces my problem.
> >>>>>>>
> >>>>>>> You can fetch the branch/commit from:
> >>>>>>> https://github.com/vtslab/directory-kerby/commits/MitIssue
> >>>>>>>
> >>>>>>> This is relative to RC2, but I also tried this on trunk for my
> >>>>>>> actual project.
> >>>>>>>
> >>>>>>> This config produces the debug and error messages below.
> >>>>>>>
> >>>>>>> 1. For the terminal with the bash + python script $ klist
> >>>>>>> Ticket
> >>>>>>> cache: FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>>> Default principal: [email protected]
> >>>>>>>
> >>>>>>> Valid starting Expires Service principal
> >>>>>>> 29-04-17 21:07:39 30-04-17 05:07:39 krbtgt/[email protected]
> >>>>>>> renew until 29-04-17 21:07:39
> >>>>>>>
> >>>>>>> $ .
> >>>>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerbero
> >>>>>>> s/ ke rb / server/MitIssueTest.sh [15538] 1493491231.917606:
> >>>>>>> Retrieving [email protected] from
> >>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >>>>>>> result:
> >>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>>>> [15538]
> >>>>>>> 1493491231.917827: Retrieving [email protected] from
> >>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
> >>>> result:
> >>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
> >>>>>>> kerberos.authGSSClientInit successful [15538] 1493491231.918185:
> >>>>>>> Getting credentials [email protected] -> test-service/localhost@
> >>>>>>> using ccache
> >>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> >>>>>>> [15538] 1493491231.918210: Retrieving [email protected] ->
> >>>>>>> test-service/localhost@ from
> >>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with result:
> >>>>>>> -1765328243/Matching credential not found (filename:
> >>>>>>> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc)
> >>>>>>> [15538] 1493491231.918226: Retrying [email protected] ->
> >>>>>>> test-service/[email protected] with result:
> >>>>>>> -1765328243/Matching credential not found (filename:
> >>>>>>> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc)
> >>>>>>> [15538] 1493491231.918229: Server has referral realm; starting
> >>>>>>> with test-service/[email protected] [15538] 1493491231.918278:
> >>>>>>> Retrieving [email protected] -> krbtgt/[email protected] from
> >>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with result:
> >>>>>>> 0/Success
> >>>>>>> [15538] 1493491231.918281: Starting with TGT for client realm:
> >>>>>>> [email protected] -> krbtgt/[email protected] [15538]
> >>>>>>> 1493491231.918301: Requesting tickets for
> >>>>>>> test-service/[email protected], referrals on [15538]
> >>>>>>> 1493491231.918326: Generated subkey for TGS request:
> >>>>>>> aes128-cts/FA30
> >>>>>>> [15538] 1493491231.918359: etypes requested in TGS request:
> >>>>>>> aes256-cts, aes128-cts, aes256-sha2, aes128-sha2,
> >>>>>>> des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
> >>>>>>> [15538]
> >>> 1493491231.918484:
> >>>>>>> Encoding request body and padata into FAST request [15538]
> >>>>>>> 1493491231.918541: Sending request (836 bytes) to TEST.COM
> >>>>>>> [15538]
> >>>>>>> 1493491231.918597: Resolving hostname localhost [15538]
> >>>>>>> 1493491231.918703: Initiating TCP connection to stream
> >>>>>>> 127.0.0.1:44292
> >>>>>>> [15538] 1493491231.918777: Sending TCP request to stream
> >>>>>>> 127.0.0.1:44292 [15538] 1493491231.922803: TCP error receiving
> >>>>>>> from stream
> >>>>>>> 127.0.0.1:44292: 104/Connection reset by peer [15538]
> >>>>>>> 1493491231.922812: Terminating TCP connection to stream
> >>>>>>> 127.0.0.1:44292
> >>>>>>> [15538] 1493491231.922858: Sending initial UDP request to dgram
> >>>>>>> 127.0.0.1:44292
> >>>>>>> ('First kerberos.authGSSClientStep not successful',
> >>>>>>> GSSError(('Unspecified GSS failure. Minor code may provide
> >>>>>>> more information', 851968), ("Cannot contact any KDC for realm
> >>>>>>> 'TEST.COM'",
> >>>>>>> -1765328228)))
> >>>>>>>
> >>>>>>> 2. For the terminal that runs mvn clean test
> >>>>>>> -Dtest=MitIssueTest Running
> >>>>>>> org.apache.kerby.kerberos.kerb.server.MitIssueTest
> >>>>>>> 2017-04-29 21:07:39,182 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> initialize called
> >>>>>>> 2017-04-29 21:07:39,195 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> getIdentity called, principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,195 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> getIdentity failed, principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> addIdentity successful, principalName =
> >>>>>>> krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> getIdentity called, principalName = kadmin/[email protected]
> >>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> getIdentity failed, principalName = kadmin/[email protected]
> >>>>>>> 2017-04-29 21:07:39,213 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> addIdentity successful, principalName =
> >>>>>>> kadmin/[email protected]
> >>>>>>> 2017-04-29 21:07:39,216 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> start called
> >>>>>>> 2017-04-29 21:07:39,232 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> addIdentity successful, principalName =
> >>>>>>> test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,425 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> addIdentity successful, principalName = [email protected]
> >>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,465 INFO [pool-1-thread-1]
> >> request.KdcRequest:
> >>>>>>> Client entry is empty.
> >>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = [email protected]
> >>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = [email protected]
> >>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,476 DEBUG [pool-1-thread-1]
> >>>>>>> impl.DefaultKdcHandler: Transport or decoding error occurred,
> >>>>>>> disconnecting abnormally java.io.EOFException
> >>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java:392)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.
> >>>>> receiveMessage(KrbTcpTransport.java:54)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.ru
> >>>>>>> n(
> >>>>> DefaultKdcHandler.java:46)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(
> >>>>> ThreadPoolExecutor.java:1142)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> >>>>> ThreadPoolExecutor.java:617)
> >>>>>>> at java.lang.Thread.run(Thread.java:748)
> >>>>>>> 2017-04-29 21:07:39,477 INFO [main] client.KrbClientBase:
> >>>>>>> Storing the tgt to the credential cache file.
> >>>>>>> 2017-04-29 21:07:39,491 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> getIdentity called, principalName =
> >>>>>>> test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,491 DEBUG [main] backend.
> >>> AbstractIdentityBackend:
> >>>>>>> getIdentity successful, principalName =
> >>>>>>> test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,498 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,498 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,498 INFO [pool-1-thread-1]
> >> request.KdcRequest:
> >>>>>>> Client entry is empty.
> >>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,499 INFO [pool-1-thread-1]
> >> request.KdcRequest:
> >>>>>>> The preauth data is empty.
> >>>>>>> 2017-04-29 21:07:39,501 INFO [pool-1-thread-1] server.KdcHandler:
> >>>>>>> KRB error occurred while processing request:Additional
> >>>>>>> pre-authentication required
> >>>>>>> 2017-04-29 21:07:39,502 DEBUG [pool-1-thread-1]
> >>>>>>> impl.DefaultKdcHandler: Transport or decoding error occurred,
> >>>>>>> disconnecting abnormally java.io.EOFException
> >>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java:392)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.
> >>>>> receiveMessage(KrbTcpTransport.java:54)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.ru
> >>>>>>> n(
> >>>>> DefaultKdcHandler.java:46)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(
> >>>>> ThreadPoolExecutor.java:1142)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> >>>>> ThreadPoolExecutor.java:617)
> >>>>>>> at java.lang.Thread.run(Thread.java:748)
> >>>>>>> 2017-04-29 21:07:39,505 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,505 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,505 INFO [pool-1-thread-1]
> >> request.KdcRequest:
> >>>>>>> Client entry is empty.
> >>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = test-service/[email protected]
> >>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:39,510 DEBUG [pool-1-thread-1]
> >>>>>>> impl.DefaultKdcHandler: Transport or decoding error occurred,
> >>>>>>> disconnecting abnormally java.io.EOFException
> >>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java:392)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.
> >>>>> receiveMessage(KrbTcpTransport.java:54)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.ru
> >>>>>>> n(
> >>>>> DefaultKdcHandler.java:46)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(
> >>>>> ThreadPoolExecutor.java:1142)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> >>>>> ThreadPoolExecutor.java:617)
> >>>>>>> at java.lang.Thread.run(Thread.java:748)
> >>>>>>> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity called,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1]
> >>>>>>> backend.AbstractIdentityBackend: getIdentity successful,
> >>>>>>> principalName = krbtgt/[email protected]
> >>>>>>> 2017-04-29 21:07:55,602 INFO [pool-1-thread-1]
> >> request.KdcRequest:
> >>>>>>> Found fast padata and start to process it.
> >>>>>>> 2017-04-29 21:07:55,603 ERROR [pool-1-thread-1]
> >>>>>>> impl.DefaultKdcHandler: Error occured while processing request:
> >>>>>>> org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
> >>>>>>> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.
> >>>>> java:85)
> >>>>>>> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.
> >>>>> java:70)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFin
> >>>>>>> dF
> >>>>>>> as
> >>>>>>> t(
> >>>>> KdcRequest.java:208)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.request.
> >>>>> KdcRequest.process(KdcRequest.java:168)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler.
> >>>>> handleMessage(KdcHandler.java:115)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.
> >>>>> handleMessage(DefaultKdcHandler.java:67)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.ru
> >>>>>>> n(
> >>>>> DefaultKdcHandler.java:52)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(
> >>>>> ThreadPoolExecutor.java:1142)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> >>>>> ThreadPoolExecutor.java:617)
> >>>>>>> at java.lang.Thread.run(Thread.java:748)
> >>>>>>> Caused by: java.io.IOException: Unexpected item context [0]
> >>>>>>> [tag=0xA0, off=0, len=3+207], expecting 0x30
> >>>>>>> at
> >>>>>>> org.apache.kerby.asn1.type.Asn1Encodeable.decode(
> >>>>> Asn1Encodeable.java:210)
> >>>>>>> at
> >>>>>>> org.apache.kerby.asn1.type.Asn1Encodeable.decode(
> >>>>> Asn1Encodeable.java:197)
> >>>>>>> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.
> >>>>> java:83)
> >>>>>>> ... 9 more
> >>>>>>> 2017-04-29 21:07:55,604 DEBUG [pool-1-thread-1]
> >>>>>>> impl.DefaultKdcHandler: Transport or decoding error occurred,
> >>>>>>> disconnecting abnormally
> >>>>>>> java.net.SocketException: Socket closed
> >>>>>>> at java.net.SocketInputStream.socketRead0(Native Method)
> >>>>>>> at java.net.SocketInputStream.socketRead(SocketInputStream.
> >>>>> java:116)
> >>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:
> >> 171)
> >>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:
> >> 141)
> >>>>>>> at java.net.SocketInputStream.read(SocketInputStream.java:
> >> 224)
> >>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java:387)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.
> >>>>> receiveMessage(KrbTcpTransport.java:54)
> >>>>>>> at
> >>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.ru
> >>>>>>> n(
> >>>>> DefaultKdcHandler.java:46)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(
> >>>>> ThreadPoolExecutor.java:1142)
> >>>>>>> at
> >>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> >>>>> ThreadPoolExecutor.java:617)
> >>>>>>> at java.lang.Thread.run(Thread.java:748)
> >>>>>>>
> >>>>>>> In a FreeIPA environment these python lines "just" work.
> >>>>>>>
> >>>>>>> Any suggestions are welcome!
> >>>>>>>
> >>>>>>> Marc
> >>>>>>>
> >>>>>>>
> >>>>>> --
> >>>>>> Marc de Lignie
> >>>>>>
> >>>>>
> >>>>> --
> >>>>> Marc de Lignie
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> Colm O hEigeartaigh
> >>>>
> >>>> Talend Community Coder
> >>>> http://coders.talend.com
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Colm O hEigeartaigh
> >>>
> >>> Talend Community Coder
> >>> http://coders.talend.com
> >>>
> >>
> >>
> >>
> >> --
> >> Colm O hEigeartaigh
> >>
> >> Talend Community Coder
> >> http://coders.talend.com
> >>
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
