I have tested the new improvement committed by Kai, without exceptions and 
errors on my side.

Thanks
Jiajia

-----Original Message-----
From: Zheng, Kai [mailto:kai.zh...@intel.com] 
Sent: Saturday, May 6, 2017 9:01 AM
To: kerby@directory.apache.org; cohei...@apache.org
Subject: Re: MIT Kerberos compatibility

I haven't repeated the issue but revisited the code again and made 
improvements. Would you check it out? Thanks!

Sent from iPhone

> On May 6, 2017, at 6:28 AM, Zheng, Kai <kai.zh...@intel.com> wrote:
> 
> Thanks Colm for the clarification; it sounds like an issue we need to address. 
> I will investigate it soon.
> 
> Sent from iPhone
> 
>> On May 6, 2017, at 2:14 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>> 
>> Hi Kai,
>> 
>> If I enable UDP with the default Transport, I can get a ticket fine 
>> using kinit. However then the following error pops up in the window 
>> I'm running Kerby in (as a test):
>> 
>> Exception in thread "Thread-1" java.lang.RuntimeException: Error occured while checking udp connections
>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:105)
>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.access$000(KdcNetwork.java:39)
>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1.run(KdcNetwork.java:75)
>>   at java.lang.Thread.run(Thread.java:748)
>> Caused by: java.nio.channels.ClosedChannelException
>>   at sun.nio.ch.DatagramChannelImpl.ensureOpen(DatagramChannelImpl.java:320)
>>   at sun.nio.ch.DatagramChannelImpl.receive(DatagramChannelImpl.java:331)
>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.checkUdpMessage(KdcNetwork.java:132)
>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:101)
>> 
>> Colm.
>> 
>> 
>>> On Fri, May 5, 2017 at 5:56 PM, Zheng, Kai <kai.zh...@intel.com> wrote:
>>> 
>>> Colm, did you see a UDP problem now instead? I'm a little confused. 
>>> UDP is surely supported but may not be enabled by default, which 
>>> should be okay, imo. Thanks.
>>> 
>>> Sent from iPhone
>>> 
>>>> On May 6, 2017, at 12:02 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>>>> 
>>>> That's probably it. Why does the default transport not support UDP 
>>>> in Kerby?
>>>> 
>>>> Colm.
>>>> 
>>>>> On Fri, May 5, 2017 at 4:54 PM, Li, Jiajia <jiajia...@intel.com> wrote:
>>>>> 
>>>>> Are you sure you added kdc_allow_udp = false in kdc.conf?
>>>>> 
>>>>> Thanks
>>>>> Jiajia
>>>>> 
>>>>> -----Original Message-----
>>>>> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
>>>>> Sent: Friday, May 5, 2017 11:41 PM
>>>>> To: Li, Jiajia <jiajia...@intel.com>
>>>>> Cc: kerby@directory.apache.org; Zheng, Kai <kai.zh...@intel.com>;
>>>>> mailto:m.c.delig...@xs4all.nl <m.c.delig...@xs4all.nl>
>>>>> Subject: Re: MIT Kerberos compatibility
>>>>> 
>>>>> Sorry, it was my error, UDP was actually enabled there. But why am 
>>>>> I still seeing that error message?
>>>>> 
>>>>> Colm.
>>>>> 
>>>>>> On Fri, May 5, 2017 at 4:39 PM, Li, Jiajia <jiajia...@intel.com> wrote:
>>>>>> 
>>>>>> Hi Colm,
>>>>>> I also tested the Kerby KDC with Kerby kinit and MIT kinit, 
>>>>>> listening only on the TCP port (UDP disabled), and both got a ticket 
>>>>>> successfully. But I don't get the error message. Both krb.conf and 
>>>>>> kdc.conf should set udp to false; udp is enabled by default.
>>>>>> 
>>>>>> Thanks
>>>>>> Jiajia
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
>>>>>> Sent: Friday, May 5, 2017 11:34 PM
>>>>>> To: kerby@directory.apache.org
>>>>>> Cc: Zheng, Kai <kai.zh...@intel.com>; 
>>>>>> mailto:m.c.delig...@xs4all.nl < m.c.delig...@xs4all.nl>
>>>>>> Subject: Re: MIT Kerberos compatibility
>>>>>> 
>>>>>> Hi Jiajia,
>>>>>> 
>>>>>> If UDP is disabled and we don't use Netty, I can get a token 
>>>>>> successfully via kinit. However I then see an error message in 
>>>>>> the Kerby console:
>>>>>> 
>>>>>> Exception in thread "Thread-1" java.lang.RuntimeException: Error occured while checking udp connections
>>>>>>  at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:105)
>>>>>>  at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.access$000(KdcNetwork.java:39)
>>>>>>  at org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1.run(KdcNetwork.java:75)
>>>>>>  at java.lang.Thread.run(Thread.java:748)
>>>>>> Caused by: java.nio.channels.ClosedChannelException
>>>>>>  at sun.nio.ch.DatagramChannelImpl.ensureOpen(DatagramChannelImpl.java:320)
>>>>>>  at sun.nio.ch.DatagramChannelImpl.receive(DatagramChannelImpl.java:331)
>>>>>>  at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.checkUdpMessage(KdcNetwork.java:132)
>>>>>>  at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:101)
>>>>>> 
>>>>>> I'm not sure why we are seeing UDP errors when it's disabled?
>>>>>> 
>>>>>> Colm.
>>>>>> 
>>>>>>> On Fri, May 5, 2017 at 3:57 PM, Li, Jiajia <jiajia...@intel.com> wrote:
>>>>>>> 
>>>>>>> Hi Colm,
>>>>>>> The shell client can't connect to the KDC if UDP is disabled.
>>>>>>> We don't use Netty by default.
>>>>>>> What are your test cases? The same as Marc's?
>>>>>>> 
>>>>>>> Thanks
>>>>>>> Jiajia
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
>>>>>>> Sent: Friday, May 5, 2017 10:09 PM
>>>>>>> To: kerby@directory.apache.org
>>>>>>> Cc: Zheng, Kai <kai.zh...@intel.com>; 
>>>>>>> mailto:m.c.delig...@xs4all.nl < m.c.delig...@xs4all.nl>
>>>>>>> Subject: Re: MIT Kerberos compatibility
>>>>>>> 
>>>>>>> Hi Jiajia,
>>>>>>> 
>>>>>>> What are the issues if UDP is disabled and we don't use Netty? I 
>>>>>>> tried doing this with my own test-cases and it didn't work, so 
>>>>>>> it would be good to get this fixed soon.
>>>>>>> 
>>>>>>> Colm.
>>>>>>> 
>>>>>>> On Fri, May 5, 2017 at 2:46 PM, Li, Jiajia <jiajia...@intel.com> wrote:
>>>>>>> 
>>>>>>>> Hi Marc,
>>>>>>>>>>> - your KRB5 tracing looks quite different. What OS and 
>>>>>>>>>>> mit-kerberos version did you use?
>>>>>>>> I use Mac OS and the Python version is 2.7.10
>>>>>>>> 
>>>>>>>>>>> - your KRB5 tracing shows UDP comms between kerberos client 
>>>>>>>>>>> and KDC, despite the allowUDP = false setting
>>>>>>>>>>> in my test. I did this setting because I get different 
>>>>>>>>>>> problems without it, see the additional logs below. So,
>>>>>>>>>>> we must also be aware of networking problems at my side.
>>>>>>>> I enable UDP and use the Netty network; there are some issues 
>>>>>>>> if UDP is disabled. You can create a JIRA for this and we can fix 
>>>>>>>> this issue in the next release version.
>>>>>>>> 
>>>>>>>> The changes on my side are as follows:
>>>>>>>> 
>>>>>>>> protected boolean allowUdp() {
>>>>>>>>  return true;
>>>>>>>> }
>>>>>>>> @Override
>>>>>>>> protected void prepareKdc() throws KrbException {
>>>>>>>>  getKdcServer().setInnerKdcImpl(
>>>>>>>>          new NettyKdcServerImpl(getKdcServer().getKdcSetting()));
>>>>>>>>  super.prepareKdc();
>>>>>>>> }
>>>>>>>> 
>>>>>>>> Here is log of MitIssueTest:
>>>>>>>> [INFO] Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
>>>>>>>> [nioEventLoopGroup-2-1] INFO io.netty.handler.logging.LoggingHandler - [id: 0x2634fe6b] REGISTERED
>>>>>>>> [nioEventLoopGroup-2-1] INFO io.netty.handler.logging.LoggingHandler - [id: 0x2634fe6b] BIND(0.0.0.0/0.0.0.0:53957)
>>>>>>>> [nioEventLoopGroup-2-1] INFO io.netty.handler.logging.LoggingHandler - [id: 0x2634fe6b, /0:0:0:0:0:0:0:0:53957] ACTIVE
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl - Netty kdc server started.
>>>>>>>> [nioEventLoopGroup-2-1] INFO io.netty.handler.logging.LoggingHandler - [id: 0x2634fe6b, /0:0:0:0:0:0:0:0:53957] RECEIVED: [id: 0xdac7228b, /127.0.0.1:53961 => /127.0.0.1:53957]
>>>>>>>> [defaultEventExecutorGroup-4-1] INFO org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ ISSUE: authtime 1493991123792,dran...@test.com for krbtgt/test....@test.com
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient - Send to kdc success.
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.KrbClientBase - Storing the tgt to the credential cache file.
>>>>>>>> [nioEventLoopGroup-5-1] INFO org.apache.kerby.kerberos.kerb.server.request.KdcRequest - The preauth data is empty.
>>>>>>>> [nioEventLoopGroup-5-1] INFO org.apache.kerby.kerberos.kerb.server.KdcHandler - KRB error occurred while processing request:Additional pre-authentication required
>>>>>>>> [nioEventLoopGroup-5-1] INFO org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ ISSUE: authtime 1493991123859,test-service/localh...@test.com for krbtgt/test....@test.com
>>>>>>>> [nioEventLoopGroup-5-1] INFO org.apache.kerby.kerberos.kerb.server.request.TgsRequest - TGS_REQ ISSUE: authtime 1493991142850,drankye for test-service/localh...@test.com
>>>>>>>> 
>>>>>>>> Thanks
>>>>>>>> Jiajia
>>>>>>>> 
>>>>>>>> -----Original Message-----
>>>>>>>> From: Zheng, Kai
>>>>>>>> Sent: Friday, May 5, 2017 7:46 PM
>>>>>>>> To: kerby@directory.apache.org; Li, Jiajia <jiajia...@intel.com>
>>>>>>>> Subject: RE: MIT Kerberos compatibility
>>>>>>>> 
>>>>>>>> Hi Marc,
>>>>>>>> 
>>>>>>>> Looks like this is quite environment related, could you fire an 
>>>>>>>> issue for this? I would suggest we target it to 1.1.0, which 
>>>>>>>> can be done in June.
>>>>>>>> 
>>>>>>>> Regards,
>>>>>>>> Kai
>>>>>>>> 
>>>>>>>> -----Original Message-----
>>>>>>>> From: Marc de Lignie [mailto:m.c.delig...@xs4all.nl]
>>>>>>>> Sent: Friday, May 05, 2017 4:44 PM
>>>>>>>> To: Li, Jiajia <jiajia...@intel.com>
>>>>>>>> Cc: kerby@directory.apache.org
>>>>>>>> Subject: Re: MIT Kerberos compatibility
>>>>>>>> 
>>>>>>>> Hi Jiajia,
>>>>>>>> 
>>>>>>>> Great to read that you made progress on this issue and to see a 
>>>>>>>> working config at your side. Below, I list my progress 
>>>>>>>> (with trunk merged into my MitIssue branch), but I am afraid we 
>>>>>>>> are not done yet.
>>>>>>>> 
>>>>>>>> Things that stand out:
>>>>>>>> 
>>>>>>>> - the kdc decoding error is solved, relative to the logs 
>>>>>>>> without your patch
>>>>>>>> 
>>>>>>>> - your KRB5 tracing looks quite different. What OS and 
>>>>>>>> mit-kerberos version did you use?
>>>>>>>> 
>>>>>>>> - your KRB5 tracing shows UDP comms between kerberos client and 
>>>>>>>> KDC, despite the allowUDP = false setting in my test. I did 
>>>>>>>> this setting because I get different problems without it, see 
>>>>>>>> the additional logs below. So, we must also be aware of 
>>>>>>>> networking problems at my side.
>>>>>>>> 
>>>>>>>> - the "Response was not from master KDC" msg is not relevant; 
>>>>>>>> it disappears if you manually add master_kdc to the realms 
>>>>>>>> section of the krb5.conf
>>>>>>>> 
>>>>>>>> I have no idea how to proceed from here, so that is why I just 
>>>>>>>> document the status at my side and ask about your - apparently 
>>>>>>>> working - config.
>>>>>>>> 
>>>>>>>> Cheers,   Marc
>>>>>>>> 
>>>>>>>> 
>>>>>>>> KDC logging with allowUDP = false:
>>>>>>>> 
>>>>>>>> [INFO] Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ ISSUE: authtime 1493970789075,dran...@test.com for krbtgt/test....@test.com
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient - Send to kdc success.
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.KrbClientBase - Storing the tgt to the credential cache file.
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.KdcRequest - The preauth data is empty.
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.KdcHandler - KRB error occurred while processing request:Additional pre-authentication required
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ ISSUE: authtime 1493970789108,test-service/localh...@test.com for krbtgt/test....@test.com
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.KdcRequest - Found fast padata and starting to process it.
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.KdcRequest - Found fast padata and starting to process it.
>>>>>>>> 
>>>>>>>> Python script KRB5 tracing (MIT Kerberos 1.13.2 of Ubuntu 
>>>>>>>> Xenial) with allowUDP = false:
>>>>>>>> 
>>>>>>>> $ . kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MitIssueTest.sh
>>>>>>>> [25281] 1493970797.298753: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.298952: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.299106: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.299213: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.299323: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.299436: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.299545: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> [25281]
>>>>>>>> 1493970797.299654: Retrieving dran...@test.com from 
>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with
>>>>> result:
>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
>>>>>>>> kerberos.authGSSClientInit successful [25281] 1493970797.299922:
>>>>>>>> Getting credentials dran...@test.com -> test-service/localhost@ 
>>>>>>>> using ccache 
>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>> [25281] 1493970797.299945: Retrieving dran...@test.com -> 
>>>>>>>> test-service/localhost@ from 
>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>> with result:
>>>>>>>> -1765328243/Matching credential not found [25281] 1493970797.299959:
>>>>>>>> Retrying dran...@test.com -> test-service/localh...@test.com 
>>>>>>>> with
>>>>>>> result:
>>>>>>>> -1765328243/Matching credential not found [25281] 1493970797.299962:
>>>>>>>> Server has referral realm; starting with 
>>>>>>>> test-service/localh...@test.com [25281]
>>>>>>>> 1493970797.299975: Retrieving dran...@test.com -> 
>>>>>>>> krbtgt/test....@test.com from 
>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>> with result:
>>>>>>>> 0/Success [25281] 1493970797.299979: Starting with TGT for 
>>>>>>>> client
>>>>>> realm:
>>>>>>>> dran...@test.com -> krbtgt/test....@test.com [25281]
>>>>>> 1493970797.299981:
>>>>>>>> Requesting tickets for test-service/localh...@test.com, 
>>>>>>>> referrals on [25281] 1493970797.299994: Generated subkey for TGS 
>>>>>>>> request:
>>>>>>>> aes128-cts/1B9B [25281] 1493970797.300009: etypes requested in 
>>>>>>>> TGS
>>>>>>> request:
>>>>>>>> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, 
>>>>>>>> camellia128-cts, camellia256-cts [25281] 1493970797.300054: 
>>>>>>>> Encoding request body and padata into FAST request [25281] 
>>>>>>>> 1493970797.300080: Sending request
>>>>>>>> (823 bytes) to TEST.COM [25281] 1493970797.300091: Resolving 
>>>>>>>> hostname localhost [25281]
>>>>>>>> 1493970797.300136: Initiating TCP connection to stream
>>>>>>>> 127.0.0.1:34319
>>>>>>>> [25281] 1493970797.300191: Sending TCP request to stream
>>>>>>>> 127.0.0.1:34319 [25281] 1493970797.303610: Received answer (125
>>>>>>>> bytes) from stream
>>>>>>>> 127.0.0.1:34319
>>>>>>>> [25281] 1493970797.303618: Terminating TCP connection to stream
>>>>>>>> 127.0.0.1:34319
>>>>>>>> [25281] 1493970797.553126: Response was not from master KDC 
>>>>>>>> [25281]
>>>>>>>> 1493970797.553198: TGS request result: -1765323383/Unknown code 
>>>>>>>> krcM
>>>>>>>> 137 [25281] 1493970797.553234: Requesting tickets for 
>>>>>>>> test-service/ localh...@test.com, referrals off [25281]
>>>>> 1493970797.553273:
>>>>>>>> Generated subkey for TGS request: aes128-cts/94C6 [25281]
>>>>>> 1493970797.553323:
>>>>>>>> etypes requested in TGS request: aes256-cts, aes128-cts, 
>>>>>>>> des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts 
>>>>>>>> [25281]
>>>>>>>> 1493970797.553436: Encoding request body and padata into FAST 
>>>>>>>> request
>>>>>>> [25281] 1493970797.553532:
>>>>>>>> Sending request (823 bytes) to TEST.COM [25281] 1493970797.553567:
>>>>>>>> Resolving hostname localhost [25281] 1493970797.553745: 
>>>>>>>> Initiating TCP connection to stream
>>>>>>>> 127.0.0.1:34319
>>>>>>>> [25281] 1493970797.553889: Sending TCP request to stream
>>>>>>>> 127.0.0.1:34319 [25281] 1493970797.558297: Received answer (125
>>>>>>>> bytes) from stream
>>>>>>>> 127.0.0.1:34319
>>>>>>>> [25281] 1493970797.558318: Terminating TCP connection to stream
>>>>>>>> 127.0.0.1:34319
>>>>>>>> [25281] 1493970797.561189: Response was not from master KDC 
>>>>>>>> [25281]
>>>>>>>> 1493970797.561258: TGS request result: -1765323383/Unknown code 
>>>>>>>> krcM
>>>>>>>> 137 ('First kerberos.authGSSClientStep not successful', 
>>>>>>>> GSSError(('Unspecified GSS failure.  Minor code may provide 
>>>>>>>> more information', 851968), ('Unknown code krcM 137', 
>>>>>>>> -1765323383)))
>>>>>>>> 
>>>>>>>> 
>>>>>>>> KDC logging with allowUDP = true:
>>>>>>>> 
>>>>>>>> [INFO] Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ ISSUE: authtime 1493972505784,dran...@test.com for krbtgt/test....@test.com
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient - Send to kdc success.
>>>>>>>> [main] INFO org.apache.kerby.kerberos.kerb.client.KrbClientBase - Storing the tgt to the credential cache file.
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.request.KdcRequest - The preauth data is empty.
>>>>>>>> [pool-1-thread-1] INFO org.apache.kerby.kerberos.kerb.server.KdcHandler - KRB error occurred while processing request:Additional pre-authentication required
>>>>>>>> [pool-1-thread-2] INFO org.apache.kerby.kerberos.kerb.server.request.AsRequest - AS_REQ ISSUE: authtime 1493972505948,test-service/localh...@test.com for krbtgt/test....@test.com
>>>>>>>> Exception in thread "Thread-0" java.lang.RuntimeException: Error occured while checking udp connections
>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:105)
>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.access$000(KdcNetwork.java:39)
>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1.run(KdcNetwork.java:75)
>>>>>>>>   at java.lang.Thread.run(Thread.java:748)
>>>>>>>> Caused by: java.nio.channels.ClosedChannelException
>>>>>>>>   at sun.nio.ch.DatagramChannelImpl.ensureOpen(DatagramChannelImpl.java:320)
>>>>>>>>   at sun.nio.ch.DatagramChannelImpl.receive(DatagramChannelImpl.java:331)
>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.checkUdpMessage(KdcNetwork.java:132)
>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run(KdcNetwork.java:101)
>>>>>>>>   ... 3 more
>>>>>>>> 
>>>>>>>> 
>>>>>>>> krb5.conf:
>>>>>>>> 
>>>>>>>> [libdefaults]
>>>>>>>>   kdc_realm = TEST.COM
>>>>>>>>   default_realm = TEST.COM
>>>>>>>>   udp_preference_limit = 4096
>>>>>>>>   kdc_tcp_port = 37080
>>>>>>>>   kdc_udp_port = 36525
>>>>>>>> 
>>>>>>>> [realms]
>>>>>>>>   TEST.COM = {
>>>>>>>>       kdc = localhost:36525
>>>>>>>>   }
>>>>>>>> 
>>>>>>>> And port 36525 does not show up in `netstat -l` (while 37080 
>>>>>>>> does)
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 04-05-17 at 14:55, Li, Jiajia wrote:
>>>>>>>>> Hi Marc,
>>>>>>>>> I tried to run your test (by applying your patch to the 
>>>>>>>>> trunk), and I think it succeeds now. Could you take some time 
>>>>>>>>> to check it?
>>>>>>>>> Here is the log:
>>>>>>>>> 
>>>>>>>>> directory-kerby git:(trunk) ? .
>>>>>>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MitIssueTest.sh
>>>>>>>>> kerberos.authGSSClientInit successful
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: entypes not 
>>>>>>>>> supported
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for krb5_ccache_conf_data/realm-config@X-CACHECONF:
>>>>>>>>> in cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for test-service/localh...@test.com in cache 
>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for 
>>>>>>>>> krb5_ccache_conf_data/negative-cache/test-service\134/localhost\134@TEST.COM@X-CACHECONF: in cache
>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for krb5_ccache_conf_data/lkdc-hostname@X-CACHECONF:
>>>>>>>>> in cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for krb5_ccache_conf_data/sitename@X-CACHECONF: in 
>>>>>>>>> cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for test-service/localh...@test.com in cache 
>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type 
>>>>>>>>> des-cbc-md5-deprecated not supported
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type 
>>>>>>>>> des-cbc-md4-deprecated not supported
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type 
>>>>>>>>> des-cbc-crc-deprecated not supported
>>>>>>>>> 2017-05-04T20:44:06 Trying to find service kdc for realm 
>>>>>>>>> TEST.COM flags 0
>>>>>>>>> 2017-05-04T20:44:06 configuration file for realm TEST.COM 
>>>>>>>>> found
>>>>>>>>> 2017-05-04T20:44:06 submissing new requests to new host
>>>>>>>>> 2017-05-04T20:44:06 host_create: setting hostname localhost
>>>>>>>>> 2017-05-04T20:44:06 connecting to host: udp ::1:52534
>>>>>>>>> (localhost)
>>>>>> tid:
>>>>>>>>> 00000001
>>>>>>>>> 2017-05-04T20:44:06 host_create: setting hostname localhost
>>>>>>>>> 2017-05-04T20:44:06 Queuing host in future (in 3s), its the 2 
>>>>>>>>> address on the same name: udp 127.0.0.1:52534 (localhost) tid:
>>>>>>>>> 00000002
>>>>>>>>> 2017-05-04T20:44:06 writing packet: udp ::1:52534 (localhost) tid:
>>>>>>>>> 00000001
>>>>>>>>> 2017-05-04T20:44:06 reading packet: udp ::1:52534 (localhost) tid:
>>>>>>>>> 00000001
>>>>>>>>> 2017-05-04T20:44:06 host completed: udp ::1:52534 (localhost) tid:
>>>>>>>>> 00000001
>>>>>>>>> 2017-05-04T20:44:06 krb5_sendto_context TEST.COM done: 0 hosts 
>>>>>>>>> 1 packets 1 wc: 0.048927 nr: 0.000932 kh: 0.000814 tid: 
>>>>>>>>> 00000002
>>>>>>>>> 2017-05-04T20:44:06 tkt: extract key 17/763641F3
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328353: Decrypt integrity 
>>>>>>>>> check failed for checksum type hmac-sha1-96-aes128, key type
>>>>>>>>> aes128-cts-hmac-sha1-96
>>>>>>>>> 2017-05-04T20:44:06 tkt: extract key 17/3084A95C
>>>>>>>>> 2017-05-04T20:44:06 krb5_get_credentials_with_flags: TEST.COM wc:
>>>>>>>>> 0.050317
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for krb5_ccache_conf_data/realm-config@X-CACHECONF:
>>>>>>>>> in cache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find 
>>>>>>>>> credential for 
>>>>>>>>> krb5_ccache_conf_data/time-offset/test-service\134/localhost\134@TEST.COM@X-CACHECONF: in cache
>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>> 2017-05-04T20:44:06 Setting up PFS for auth context
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type 
>>>>>>>>> des-cbc-md5-deprecated not supported
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type 
>>>>>>>>> des-cbc-md4-deprecated not supported
>>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type 
>>>>>>>>> des-cbc-crc-deprecated not supported First 
>>>>>>>>> kerberos.authGSSClientStep successful
>>>>>>>>> 
>>>>>>>>> Thanks
>>>>>>>>> Jiajia
>>>>>>>>> 
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Zheng, Kai [mailto:kai.zh...@intel.com]
>>>>>>>>> Sent: Wednesday, May 3, 2017 7:29 PM
>>>>>>>>> To: kerby@directory.apache.org
>>>>>>>>> Subject: RE: MIT Kerberos compatibility
>>>>>>>>> 
>>>>>>>>> Hi Marc,
>>>>>>>>> 
>>>>>>>>> In case you're not aware of this, please check out the latest 
>>>>>>>>> fix made by Jiajia. We thought your case may be different, but 
>>>>>>>>> would be good to have a check before we can repeat/fix your 
>>>>>>>>> case. Thanks.
>>>>>>>>> https://issues.apache.org/jira/browse/DIRKRB-625
>>>>>>>>> 
>>>>>>>>> Regards,
>>>>>>>>> Kai
>>>>>>>>> 
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Marc de Lignie [mailto:m.c.delig...@xs4all.nl]
>>>>>>>>> Sent: Sunday, April 30, 2017 7:45 PM
>>>>>>>>> To: kerby@directory.apache.org
>>>>>>>>> Subject: Re: MIT Kerberos compatibility
>>>>>>>>> 
>>>>>>>>> Hi Kai,
>>>>>>>>> 
>>>>>>>>> The terminal output below is for the latest MIT Kerberos 
>>>>>>>>> 1.15.1 (locally built on Ubuntu Xenial). Before that, I also 
>>>>>>>>> tested with the default Xenial MIT Kerberos packages (1.13.2), 
>>>>>>>>> with the same result. I did not try earlier MIT Kerberos versions.
>>>>>>>>> 
>>>>>>>>> Marc
>>>>>>>>> 
>>>>>>>>> On 29-04-17 at 21:42, Marc de Lignie wrote:
>>>>>>>>>> Hi Kai,
>>>>>>>>>> 
>>>>>>>>>> Thanks for the response. I prepared a minimal config that 
>>>>>>>>>> reproduces my problem.
>>>>>>>>>> 
>>>>>>>>>> You can fetch the branch/commit from:
>>>>>>>>>> https://github.com/vtslab/directory-kerby/commits/MitIssue
>>>>>>>>>> 
>>>>>>>>>> This is relative to RC2, but I also tried this on trunk for 
>>>>>>>>>> my actual project.
>>>>>>>>>> 
>>>>>>>>>> This config produces the debug and error messages below.
>>>>>>>>>> 
>>>>>>>>>> 1. For the terminal with the bash + python script
>>>>>>>>>> $ klist
>>>>>>>>>> Ticket cache: FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>>> Default principal: dran...@test.com
>>>>>>>>>> 
>>>>>>>>>> Valid starting     Expires            Service principal
>>>>>>>>>> 29-04-17 21:07:39  30-04-17 05:07:39  krbtgt/test....@test.com
>>>>>>>>>>   renew until 29-04-17 21:07:39
>>>>>>>>>> 
>>>>>>>>>> $ . kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MitIssueTest.sh
>>>>>>>>>> [15538] 1493491231.917606:
>>>>>>>>>> Retrieving dran...@test.com from 
>>>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) 
>>>>>>>>>> with
>>>>>>>>>> result:
>>>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not 
>>>>>>>>>> found [15538]
>>>>>>>>>> 1493491231.917827: Retrieving dran...@test.com from 
>>>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) 
>>>>>>>>>> with
>>>>>>> result:
>>>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not 
>>>>>>>>>> found kerberos.authGSSClientInit successful [15538] 
>>>>>>>>>> 1493491231.918185:
>>>>>>>>>> Getting credentials dran...@test.com -> 
>>>>>>>>>> test-service/localhost@ using ccache 
>>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
>>>>>>>>>> [15538] 1493491231.918210: Retrieving dran...@test.com -> 
>>>>>>>>>> test-service/localhost@ from 
>>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with result:
>>>>>>>>>> -1765328243/Matching credential not found (filename:
>>>>>>>>>> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc)
>>>>>>>>>> [15538] 1493491231.918226: Retrying dran...@test.com -> 
>>>>>>>>>> test-service/localh...@test.com with result:
>>>>>>>>>> -1765328243/Matching credential not found (filename:
>>>>>>>>>> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc)
>>>>>>>>>> [15538] 1493491231.918229: Server has referral realm; 
>>>>>>>>>> starting with test-service/localh...@test.com [15538] 
>>>>>>>>>> 1493491231.918278:
>>>>>>>>>> Retrieving dran...@test.com -> krbtgt/test....@test.com from 
>>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with result:
>>>>>>>>>> 0/Success
>>>>>>>>>> [15538] 1493491231.918281: Starting with TGT for client realm:
>>>>>>>>>> dran...@test.com -> krbtgt/test....@test.com [15538]
>>>>>>>>>> 1493491231.918301: Requesting tickets for 
>>>>>>>>>> test-service/localh...@test.com, referrals on [15538]
>>>>>>>>>> 1493491231.918326: Generated subkey for TGS request:
>>>>>>>>>> aes128-cts/FA30
>>>>>>>>>> [15538] 1493491231.918359: etypes requested in TGS request:
>>>>>>>>>> aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, 
>>>>>>>>>> des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts 
>>>>>>>>>> [15538]
>>>>>> 1493491231.918484:
>>>>>>>>>> Encoding request body and padata into FAST request [15538]
>>>>>>>>>> 1493491231.918541: Sending request (836 bytes) to TEST.COM 
>>>>>>>>>> [15538]
>>>>>>>>>> 1493491231.918597: Resolving hostname localhost [15538]
>>>>>>>>>> 1493491231.918703: Initiating TCP connection to stream
>>>>>>>>>> 127.0.0.1:44292
>>>>>>>>>> [15538] 1493491231.918777: Sending TCP request to stream
>>>>>>>>>> 127.0.0.1:44292 [15538] 1493491231.922803: TCP error 
>>>>>>>>>> receiving from stream
>>>>>>>>>> 127.0.0.1:44292: 104/Connection reset by peer [15538]
>>>>>>>>>> 1493491231.922812: Terminating TCP connection to stream
>>>>>>>>>> 127.0.0.1:44292
>>>>>>>>>> [15538] 1493491231.922858: Sending initial UDP request to 
>>>>>>>>>> dgram
>>>>>>>>>> 127.0.0.1:44292
>>>>>>>>>> ('First kerberos.authGSSClientStep not successful', 
>>>>>>>>>> GSSError(('Unspecified GSS failure.  Minor code may provide 
>>>>>>>>>> more information', 851968), ("Cannot contact any KDC for 
>>>>>>>>>> realm 'TEST.COM'",
>>>>>>>>>> -1765328228)))
>>>>>>>>>> 
>>>>>>>>>> 2. For the terminal that runs mvn clean test -Dtest=MitIssueTest
>>>>>>>>>> Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
>>>>>>>>>> 2017-04-29 21:07:39,182 DEBUG [main] backend.AbstractIdentityBackend: initialize called
>>>>>>>>>> 2017-04-29 21:07:39,195 DEBUG [main] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,195 DEBUG [main] backend.AbstractIdentityBackend: getIdentity failed, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend.AbstractIdentityBackend: addIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend.AbstractIdentityBackend: getIdentity called, principalName = kadmin/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend.AbstractIdentityBackend: getIdentity failed, principalName = kadmin/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,213 DEBUG [main] backend.AbstractIdentityBackend: addIdentity successful, principalName = kadmin/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,216 DEBUG [main] backend.AbstractIdentityBackend: start called
>>>>>>>>>> 2017-04-29 21:07:39,232 DEBUG [main] backend.AbstractIdentityBackend: addIdentity successful, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,425 DEBUG [main] backend.AbstractIdentityBackend: addIdentity successful, principalName = dran...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,465 INFO  [pool-1-thread-1] request.KdcRequest: Client entry is empty.
>>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = dran...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = dran...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,476 DEBUG [pool-1-thread-1] impl.DefaultKdcHandler: Transport or decoding error occurred, disconnecting abnormally
>>>>>>>>>> java.io.EOFException
>>>>>>>>>>   at java.io.DataInputStream.readInt(DataInputStream.java:392)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>>>>   at java.lang.Thread.run(Thread.java:748)
>>>>>>>>>> 2017-04-29 21:07:39,477 INFO  [main] client.KrbClientBase: Storing the tgt to the credential cache file.
>>>>>>>>>> 2017-04-29 21:07:39,491 DEBUG [main] backend.AbstractIdentityBackend: getIdentity called, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,491 DEBUG [main] backend.AbstractIdentityBackend: getIdentity successful, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,498 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,498 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,498 INFO  [pool-1-thread-1] request.KdcRequest: Client entry is empty.
>>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,499 INFO  [pool-1-thread-1] request.KdcRequest: The preauth data is empty.
>>>>>>>>>> 2017-04-29 21:07:39,501 INFO  [pool-1-thread-1] server.KdcHandler: KRB error occurred while processing request:Additional pre-authentication required
>>>>>>>>>> 2017-04-29 21:07:39,502 DEBUG [pool-1-thread-1] impl.DefaultKdcHandler: Transport or decoding error occurred, disconnecting abnormally
>>>>>>>>>> java.io.EOFException
>>>>>>>>>>   at java.io.DataInputStream.readInt(DataInputStream.java:392)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>>>>   at java.lang.Thread.run(Thread.java:748)
>>>>>>>>>> 2017-04-29 21:07:39,505 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,505 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,505 INFO  [pool-1-thread-1] request.KdcRequest: Client entry is empty.
>>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = test-service/localh...@test.com
>>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:39,510 DEBUG [pool-1-thread-1] impl.DefaultKdcHandler: Transport or decoding error occurred, disconnecting abnormally
>>>>>>>>>> java.io.EOFException
>>>>>>>>>>   at java.io.DataInputStream.readInt(DataInputStream.java:392)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>>>>   at java.lang.Thread.run(Thread.java:748)
>>>>>>>>>> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity called, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1] backend.AbstractIdentityBackend: getIdentity successful, principalName = krbtgt/test....@test.com
>>>>>>>>>> 2017-04-29 21:07:55,602 INFO  [pool-1-thread-1] request.KdcRequest: Found fast padata and start to process it.
>>>>>>>>>> 2017-04-29 21:07:55,603 ERROR [pool-1-thread-1] impl.DefaultKdcHandler: Error occured while processing request:
>>>>>>>>>> org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:168)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:115)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.handleMessage(DefaultKdcHandler.java:67)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:52)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>>>>   at java.lang.Thread.run(Thread.java:748)
>>>>>>>>>> Caused by: java.io.IOException: Unexpected item context [0] [tag=0xA0, off=0, len=3+207], expecting 0x30
>>>>>>>>>>   at org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:210)
>>>>>>>>>>   at org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:197)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:83)
>>>>>>>>>>   ... 9 more
>>>>>>>>>> 2017-04-29 21:07:55,604 DEBUG [pool-1-thread-1] impl.DefaultKdcHandler: Transport or decoding error occurred, disconnecting abnormally
>>>>>>>>>> java.net.SocketException: Socket closed
>>>>>>>>>>   at java.net.SocketInputStream.socketRead0(Native Method)
>>>>>>>>>>   at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
>>>>>>>>>>   at java.net.SocketInputStream.read(SocketInputStream.java:171)
>>>>>>>>>>   at java.net.SocketInputStream.read(SocketInputStream.java:141)
>>>>>>>>>>   at java.net.SocketInputStream.read(SocketInputStream.java:224)
>>>>>>>>>>   at java.io.DataInputStream.readInt(DataInputStream.java:387)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54)
>>>>>>>>>>   at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>>>>   at java.lang.Thread.run(Thread.java:748)
>>>>>>>>>> 
>>>>>>>>>> In a FreeIPA environment these python lines "just" work.
>>>>>>>>>> 
>>>>>>>>>> Any suggestions are welcome!
>>>>>>>>>> 
>>>>>>>>>> Marc
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> Marc de Lignie
>>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> Colm O hEigeartaigh
>>>>>>> 
>>>>>>> Talend Community Coder
>>>>>>> http://coders.talend.com
>>>>>>> 
