Yes, it works perfectly, thanks Jiajia for the fix! I'll resolve the JIRA. Colm.
On Mon, Jun 19, 2017 at 6:09 AM, Li, Jiajia <jiajia...@intel.com> wrote: > Hi Colm, > Thanks for providing the way to reproduce the error, and I have the fix in > trunk code, can you take some time to check it? > > Commit log: > commit 106299efb7aa3001da89ae821eb43285c544bab7 > Author: plusplusjiajia <jiajia...@intel.com> > Date: Mon Jun 19 13:07:04 2017 +0800 > > Fix DIRKRB-629:ICMP Port Unreachable error message with GSS + default > transport. > > > Thanks > Jiajia > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Monday, May 8, 2017 6:19 PM > To: kerby@directory.apache.org > Subject: Re: MIT Kerberos compatibility > > OK I have created a JIRA and attached a patch that you have to apply to the > Apache WSS4J project to reproduce the error. If you uncomment the line that > uses Netty then the tests all work perfectly. The tests appear to work fine > when run in isolation, it's only when you run a few of them after one > another that you can see the failures. > > Please let me know if you have any difficulty in reproducing, thanks! > > Colm. > > On Mon, May 8, 2017 at 11:08 AM, Zheng, Kai <kai.zh...@intel.com> wrote: > > > Hi Colm, > > > > Sure, please do it. Could you review my change and see how it would cause > > the new failures? Any difference between the failed GSS tests and the > Kerby > > GSS tests? > > > > Regards, > > Kai > > > > -----Original Message----- > > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > > Sent: Monday, May 08, 2017 5:42 PM > > To: Zheng, Kai <kai.zh...@intel.com> > > Cc: kerby@directory.apache.org > > Subject: Re: MIT Kerberos compatibility > > > > Hi Kai, > > > > Your changes fixed the error message I was seeing. However, I now see > > another problem when I run a few GSS client tests in a row: > > > > >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType > > >>> KrbAsReq creating message > > >>> KrbKdcReq send: kdc=localhost UDP:42665, timeout=30000, number of > > retries =3, #bytes=245 > > >>> KDCCommunication: kdc=localhost UDP:42665, timeout=30000,Attempt =1, > > #bytes=245 > > SocketTimeOutException with attempt: 1 > > >>> KDCCommunication: kdc=localhost UDP:42665, timeout=30000,Attempt =2, > > #bytes=245 > > >>> KrbKdcReq send: error trying localhost:42665 > > java.net.PortUnreachableException: ICMP Port Unreachable > > > > Do you want me to create a JIRA + attach a test-case? > > > > Colm. > > > > On Sat, May 6, 2017 at 2:01 AM, Zheng, Kai <kai.zh...@intel.com> wrote: > > > > > I haven't repeated the issue but revisited the codes again and made > > > improvements. Would you check it out? Thanks! > > > > > > Sent from iPhone > > > > > > > 在 2017年5月6日,上午6:28,Zheng, Kai <kai.zh...@intel.com> 写道: > > > > > > > > Thanks colm for the clarification and it sounds an issue we need to > > > address. I will investigate it soon. > > > > > > > > Sent from iPhone > > > > > > > >> 在 2017年5月6日,上午2:14,Colm O hEigeartaigh <cohei...@apache.org> 写道: > > > >> > > > >> Hi Kai, > > > >> > > > >> If I enable UDP with the default Transport, I can get a ticket fine > > > using > > > >> kinit. However then the following error pops up in the window I'm > > > running > > > >> Kerby in (as a test): > > > >> > > > >> Exception in thread "Thread-1" java.lang.RuntimeException: Error > > > >> occured while checking udp connections > > > >> at > > > >> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run( > > > KdcNetwork.java:105) > > > >> at > > > >> org.apache.kerby.kerberos.kerb.transport.KdcNetwork. > > > access$000(KdcNetwork.java:39) > > > >> at > > > >> org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1. > > > run(KdcNetwork.java:75) > > > >> at java.lang.Thread.run(Thread.java:748) > > > >> Caused by: java.nio.channels.ClosedChannelException > > > >> at > > > >> sun.nio.ch.DatagramChannelImpl.ensureOpen( > > DatagramChannelImpl.java:320) > > > >> at sun.nio.ch.DatagramChannelImpl.receive( > > > DatagramChannelImpl.java:331) > > > >> at > > > >> org.apache.kerby.kerberos.kerb.transport.KdcNetwork. > > > checkUdpMessage(KdcNetwork.java:132) > > > >> at > > > >> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run( > > > KdcNetwork.java:101) > > > >> > > > >> Colm. > > > >> > > > >> > > > >>> On Fri, May 5, 2017 at 5:56 PM, Zheng, Kai <kai.zh...@intel.com> > > > wrote: > > > >>> > > > >>> Colm, did you see udp problem now instead? I'm a little confused. > > > >>> Udp > > > is > > > >>> sure supported but may not be enabled by default, which should be > > > >>> okay, imo. Thanks. > > > >>> > > > >>> Sent from iPhone > > > >>> > > > >>>> 在 2017年5月6日,上午12:02,Colm O hEigeartaigh <cohei...@apache.org> 写道: > > > >>>> > > > >>>> That's probably it. Why does the default transport not support > > > >>>> UDP in > > > >>> Kerby? > > > >>>> > > > >>>> Colm. > > > >>>> > > > >>>>> On Fri, May 5, 2017 at 4:54 PM, Li, Jiajia <jiajia...@intel.com> > > > wrote: > > > >>>>> > > > >>>>> Are you sure add kdc_allow_udp = false in kdc.conf? > > > >>>>> > > > >>>>> Thanks > > > >>>>> Jiajia > > > >>>>> > > > >>>>> -----Original Message----- > > > >>>>> From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > > > >>>>> Sent: Friday, May 5, 2017 11:41 PM > > > >>>>> To: Li, Jiajia <jiajia...@intel.com> > > > >>>>> Cc: kerby@directory.apache.org; Zheng, Kai > > > >>>>> <kai.zh...@intel.com>; > > > >>> mailto: > > > >>>>> m.c.delig...@xs4all.nl <m.c.delig...@xs4all.nl> > > > >>>>> Subject: Re: MIT Kerberos compatibility > > > >>>>> > > > >>>>> Sorry, it was my error, UDP was actually enabled there. But why > > > >>>>> am I > > > >>> still > > > >>>>> seeing that error message? > > > >>>>> > > > >>>>> Colm. > > > >>>>> > > > >>>>>> On Fri, May 5, 2017 at 4:39 PM, Li, Jiajia > > > >>>>>> <jiajia...@intel.com> > > > >>> wrote: > > > >>>>>> > > > >>>>>> Hi Colm, > > > >>>>>> I also test the Kerby KDC with kerby kint and MIT kinit, and > > > >>>>>> only listen the tcp port(disable udp), both got ticket > > > >>>>>> successfully. But > > > I > > > >>>>>> don't get the error message. Both krb.conf and kdc.conf should > > > >>>>>> set > > > udp > > > >>>>>> to be false, udp is enabled in default. > > > >>>>>> > > > >>>>>> Thanks > > > >>>>>> Jiajia > > > >>>>>> > > > >>>>>> -----Original Message----- > > > >>>>>> From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > > > >>>>>> Sent: Friday, May 5, 2017 11:34 PM > > > >>>>>> To: kerby@directory.apache.org > > > >>>>>> Cc: Zheng, Kai <kai.zh...@intel.com>; > > > >>>>>> mailto:m.c.delig...@xs4all.nl > > > < > > > >>>>>> m.c.delig...@xs4all.nl> > > > >>>>>> Subject: Re: MIT Kerberos compatibility > > > >>>>>> > > > >>>>>> Hi Jiajia, > > > >>>>>> > > > >>>>>> If UDP is disabled and we don't use Netty, I can get a token > > > >>>>>> successfully via kinit. However I then see an error message in > > > >>>>>> the > > > >>> Kerby > > > >>>>> console: > > > >>>>>> > > > >>>>>> Exception in thread "Thread-1" java.lang.RuntimeException: > > > >>>>>> Error occured while checking udp connections at > > > >>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run( > > > >>>>>> KdcNetwork.java:105) > > > >>>>>> at > > > >>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork. > > > >>>>>> access$000(KdcNetwork.java:39) > > > >>>>>> at > > > >>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1. > > > >>>>>> run(KdcNetwork.java:75) > > > >>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>> Caused by: java.nio.channels.ClosedChannelException > > > >>>>>> at > > > >>>>>> sun.nio.ch.DatagramChannelImpl.ensureOpen( > > > >>> DatagramChannelImpl.java:320) > > > >>>>>> at sun.nio.ch.DatagramChannelImpl.receive( > > > >>>>>> DatagramChannelImpl.java:331) > > > >>>>>> at > > > >>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork. > > > >>>>>> checkUdpMessage(KdcNetwork.java:132) > > > >>>>>> at > > > >>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run( > > > >>>>>> KdcNetwork.java:101) > > > >>>>>> > > > >>>>>> I'm not sure why we are seeing UDP errors when it's disabled? > > > >>>>>> > > > >>>>>> Colm. > > > >>>>>> > > > >>>>>>> On Fri, May 5, 2017 at 3:57 PM, Li, Jiajia > > > >>>>>>> <jiajia...@intel.com> > > > >>> wrote: > > > >>>>>>> > > > >>>>>>> Hi Colm, > > > >>>>>>> The shell client can't connect to kdc if the UDP is disabled. > > > >>>>>>> We don't use Netty in default. > > > >>>>>>> What's your test-cases? The same as the Marc's? > > > >>>>>>> > > > >>>>>>> Thanks > > > >>>>>>> Jiajia > > > >>>>>>> > > > >>>>>>> -----Original Message----- > > > >>>>>>> From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > > > >>>>>>> Sent: Friday, May 5, 2017 10:09 PM > > > >>>>>>> To: kerby@directory.apache.org > > > >>>>>>> Cc: Zheng, Kai <kai.zh...@intel.com>; mailto: > > > m.c.delig...@xs4all.nl > > > >>>>>>> < m.c.delig...@xs4all.nl> > > > >>>>>>> Subject: Re: MIT Kerberos compatibility > > > >>>>>>> > > > >>>>>>> Hi Jiajia, > > > >>>>>>> > > > >>>>>>> What are the issues if UDP is disabled and we don't use Netty? > > > >>>>>>> I tried doing this with my own test-cases and it didn't work, > > > >>>>>>> so it would be good to get this fixed soon. > > > >>>>>>> > > > >>>>>>> Colm. > > > >>>>>>> > > > >>>>>>> On Fri, May 5, 2017 at 2:46 PM, Li, Jiajia > > > >>>>>>> <jiajia...@intel.com> > > > >>>>> wrote: > > > >>>>>>> > > > >>>>>>>> Hi Marc, > > > >>>>>>>>>>> - your KRB5 tracing looks quite different. What OS and > > > >>>>>>>>>>> mit-kerberos > > > >>>>>>>> version did you use? > > > >>>>>>>> I use mac os and the python version is 2.7.10 > > > >>>>>>>> > > > >>>>>>>>>>> - your KRB5 tracing shows UDP comms between kerberos > > > >>>>>>>>>>> client and KDC, > > > >>>>>>>> despite the allowUDP = false setting > > > >>>>>>>>>>> in my test. I did this setting because I get different > > > >>>>>>>>>>> problems > > > >>>>>>>> without it, see the additional logs below. So, > > > >>>>>>>>>>> we must also be aware of networking problems at my side. > > > >>>>>>>> I enable the UDP and use netty network, there are some issues > > > >>>>>>>> if UDP disabled, you can create a JIRA for this and we can > > > >>>>>>>> fix this issue in the next release version. > > > >>>>>>>> > > > >>>>>>>> The changes in my side as following: > > > >>>>>>>> > > > >>>>>>>> protected boolean allowUdp() { return true; } @Override > > > >>>>>>>> protected void prepareKdc() throws KrbException { > > > >>>>>>>> getKdcServer().setInnerKdcImpl( > > > >>>>>>>> new > > > >>>>>>>> NettyKdcServerImpl(getKdcServer().getKdcSetting())); > > > >>>>>>>> super.prepareKdc(); > > > >>>>>>>> } > > > >>>>>>>> > > > >>>>>>>> Here is log of MitIssueTest: > > > >>>>>>>> [INFO] Running > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.MitIssueTest > > > >>>>>>>> [nioEventLoopGroup-2-1] INFO > > > >>>>>>>> io.netty.handler.logging.LoggingHandler > > > >>>>>>>> - > > > >>>>>>>> [id: 0x2634fe6b] REGISTERED > > > >>>>>>>> [nioEventLoopGroup-2-1] INFO > > > >>>>>>>> io.netty.handler.logging.LoggingHandler > > > >>>>>>>> - > > > >>>>>>>> [id: 0x2634fe6b] BIND(0.0.0.0/0.0.0.0:53957) > > > >>>>>>>> [nioEventLoopGroup-2-1] INFO > > > >>>>>>>> io.netty.handler.logging.LoggingHandler - > > > >>>>>>>> [id: 0x2634fe6b, /0:0:0:0:0:0:0:0:53957] ACTIVE [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl - Netty > > > >>>>>>>> kdc server started. > > > >>>>>>>> [nioEventLoopGroup-2-1] INFO > > > >>>>>>>> io.netty.handler.logging.LoggingHandler > > > >>>>>>>> - > > > >>>>>>>> [id: 0x2634fe6b, /0:0:0:0:0:0:0:0:53957] RECEIVED: [id: > > > >>>>>>>> 0xdac7228b, / > > > >>>>>>>> 127.0.0.1:53961 => /127.0.0.1:53957] > > > >>>>>>>> [defaultEventExecutorGroup-4-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest > > > >>>>>>>> - AS_REQ ISSUE: authtime 1493991123792,dran...@test.com for > > > >>>>>>>> krbtgt/ test....@test.com [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.client.impl. > > > DefaultInternalKrbClien > > > >>>>>>>> t > > > >>>>>>>> - Send to kdc success. > > > >>>>>>>> [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.client.KrbClientBase - Storing > > the tgt to the credential cache file. > > > >>>>>>>> [nioEventLoopGroup-5-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest > > > >>>>>>>> - The preauth data is empty. > > > >>>>>>>> [nioEventLoopGroup-5-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler > > > >>>>>>>> - KRB error occurred while processing request:Additional > > > >>>>>>>> pre-authentication required [nioEventLoopGroup-5-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest > > > >>>>>>>> - AS_REQ ISSUE: authtime > > > >>>>>>>> 1493991123859,test-service/localh...@test.com > > > >>>>>>>> for krbtgt/test....@test.com > > > >>>>>>>> [nioEventLoopGroup-5-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.TgsRequest > > > >>>>>>>> - TGS_REQ ISSUE: authtime 1493991142850,drankye for > > > >>>>>>>> test-service/ localh...@test.com > > > >>>>>>>> > > > >>>>>>>> Thanks > > > >>>>>>>> Jiajia > > > >>>>>>>> > > > >>>>>>>> -----Original Message----- > > > >>>>>>>> From: Zheng, Kai > > > >>>>>>>> Sent: Friday, May 5, 2017 7:46 PM > > > >>>>>>>> To: kerby@directory.apache.org; Li, Jiajia > > > >>>>>>>> <jiajia...@intel.com> > > > >>>>>>>> Subject: RE: MIT Kerberos compatibility > > > >>>>>>>> > > > >>>>>>>> Hi Marc, > > > >>>>>>>> > > > >>>>>>>> Looks like this is quite environment related, could you fire > > > >>>>>>>> an issue for this? I would suggest we target it to 1.1.0, > > > >>>>>>>> which can be done in > > > >>>>>>> June. > > > >>>>>>>> > > > >>>>>>>> Regards, > > > >>>>>>>> Kai > > > >>>>>>>> > > > >>>>>>>> -----Original Message----- > > > >>>>>>>> From: Marc de Lignie [mailto:m.c.delig...@xs4all.nl] > > > >>>>>>>> Sent: Friday, May 05, 2017 4:44 PM > > > >>>>>>>> To: Li, Jiajia <jiajia...@intel.com> > > > >>>>>>>> Cc: kerby@directory.apache.org > > > >>>>>>>> Subject: Re: MIT Kerberos compatibility > > > >>>>>>>> > > > >>>>>>>> Hi Jiajia, > > > >>>>>>>> > > > >>>>>>>> Great to read that you made progress on this issue and to see > > > >>>>>>>> a working config at your side. Below, I list my progress > > > >>>>>>>> below (with trunk merged into my MitIssue branch), but I am > > > >>>>>>>> afraid we are not done > > > >>>>>>> yet. > > > >>>>>>>> > > > >>>>>>>> Things that stand out: > > > >>>>>>>> > > > >>>>>>>> - the kdc decoding error is solved, relative to the logs > > > >>>>>>>> without your patch > > > >>>>>>>> > > > >>>>>>>> - your KRB5 tracing looks quite different. What OS and > > > >>>>>>>> mit-kerberos version did you use? > > > >>>>>>>> > > > >>>>>>>> - your KRB5 tracing shows UDP comms between kerberos client > > > >>>>>>>> and KDC, despite the allowUDP = false setting in my test. I > > > >>>>>>>> did this setting because I get different problems without it, > > > >>>>>>>> see the additional logs below. So, we must also be aware of > > > >>>>>>>> networking > > > >>>>> problems at my side. > > > >>>>>>>> > > > >>>>>>>> - the "Response was not from master KDC" msg is not relevant; > > > >>>>>>>> it disappears if you manually add master_kdc to the realms > > > >>>>>>>> section of the krb5.conf > > > >>>>>>>> > > > >>>>>>>> I have no idea how to proceed from here, so that is why I > > > >>>>>>>> just document the status at my side and ask about your - > > > >>>>>>>> apparently working - > > > >>>>>>> config. > > > >>>>>>>> > > > >>>>>>>> Cheers, Marc > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> KDC logging with allowUDP = false: > > > >>>>>>>> > > > >>>>>>>> [INFO] Running > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.MitIssueTest > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - > > > >>>>>>>> AS_REQ > > > >>>>>> ISSUE: > > > >>>>>>>> authtime 1493970789075,dran...@test.com for > > > >>>>>>>> krbtgt/test....@test.com [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.client.impl. > > > DefaultInternalKrbClien > > > >>>>>>>> t > > > >>>>>>>> - Send to kdc success. > > > >>>>>>>> [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.client.KrbClientBase - Storing > > the tgt to the credential cache file. > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest - > > > >>>>>>>> The preauth data is empty. > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler > > > >>>>>>>> - KRB error occurred while processing request:Additional > > > >>>>>>>> pre-authentication required [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - > > > >>>>>>>> AS_REQ > > > >>>>>> ISSUE: > > > >>>>>>>> authtime 1493970789108,test-service/localh...@test.com for > > > krbtgt/ > > > >>>>>>>> test....@test.com [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest > > > >>>>>>>> - Found fast padata and starting to process it. > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest - > > > >>>>>>>> Found fast padata and starting to process it. > > > >>>>>>>> > > > >>>>>>>> Python script KRB5 tracing (MIT Kerberos 1.13.2 of Ubuntu > > > >>>>>>>> Xenial) with allowUDP = false: > > > >>>>>>>> > > > >>>>>>>> $ . > > > >>>>>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/ > > > >>>>>>>> kerberos/kerb/server/MitIssueTest.sh > > > >>>>>>>> [25281] 1493970797.298753: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.298952: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.299106: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.299213: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.299323: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.299436: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.299545: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found [25281] > > > >>>>>>>> 1493970797.299654: Retrieving dran...@test.com from > > > >>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>> with > > > >>>>> result: > > > >>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>> found kerberos.authGSSClientInit successful [25281] > > 1493970797.299922: > > > >>>>>>>> Getting credentials dran...@test.com -> > > > >>>>>>>> test-service/localhost@ using ccache > > > >>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>> [25281] 1493970797.299945: Retrieving dran...@test.com -> > > > >>>>>>>> test-service/localhost@ from > > > >>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>> with result: > > > >>>>>>>> -1765328243/Matching credential not found [25281] > > > 1493970797.299959: > > > >>>>>>>> Retrying dran...@test.com -> test-service/localh...@test.com > > > >>>>>>>> with > > > >>>>>>> result: > > > >>>>>>>> -1765328243/Matching credential not found [25281] > > > 1493970797.299962: > > > >>>>>>>> Server has referral realm; starting with > > > >>>>>>>> test-service/localh...@test.com [25281] > > > >>>>>>>> 1493970797.299975: Retrieving dran...@test.com -> > > > >>>>>>>> krbtgt/test....@test.com from > > > >>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>> with result: > > > >>>>>>>> 0/Success [25281] 1493970797.299979: Starting with TGT for > > > >>>>>>>> client > > > >>>>>> realm: > > > >>>>>>>> dran...@test.com -> krbtgt/test....@test.com [25281] > > > >>>>>> 1493970797.299981: > > > >>>>>>>> Requesting tickets for test-service/localh...@test.com, > > > >>>>>>>> referrals on [25281] 1493970797.299994: Generated subkey for > > TGS request: > > > >>>>>>>> aes128-cts/1B9B [25281] 1493970797.300009: etypes requested > > > >>>>>>>> in TGS > > > >>>>>>> request: > > > >>>>>>>> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, > > > >>>>>>>> camellia128-cts, camellia256-cts [25281] 1493970797.300054: > > > >>>>>>>> Encoding request body and padata into FAST request [25281] > > > >>>>>>>> 1493970797.300080: Sending request > > > >>>>>>>> (823 bytes) to TEST.COM [25281] 1493970797.300091: Resolving > > > >>>>>>>> hostname localhost [25281] > > > >>>>>>>> 1493970797.300136: Initiating TCP connection to stream > > > >>>>>>>> 127.0.0.1:34319 > > > >>>>>>>> [25281] 1493970797.300191: Sending TCP request to stream > > > >>>>>>>> 127.0.0.1:34319 [25281] 1493970797.303610: Received answer > > > >>>>>>>> (125 > > > >>>>>>>> bytes) from stream > > > >>>>>>>> 127.0.0.1:34319 > > > >>>>>>>> [25281] 1493970797.303618: Terminating TCP connection to > > > >>>>>>>> stream > > > >>>>>>>> 127.0.0.1:34319 > > > >>>>>>>> [25281] 1493970797.553126: Response was not from master KDC > > > >>>>>>>> [25281] > > > >>>>>>>> 1493970797.553198: TGS request result: -1765323383/Unknown > > > >>>>>>>> code krcM > > > >>>>>>>> 137 [25281] 1493970797.553234: Requesting tickets for > > > >>>>>>>> test-service/ localh...@test.com, referrals off [25281] > > > >>>>> 1493970797.553273: > > > >>>>>>>> Generated subkey for TGS request: aes128-cts/94C6 [25281] > > > >>>>>> 1493970797.553323: > > > >>>>>>>> etypes requested in TGS request: aes256-cts, aes128-cts, > > > >>>>>>>> des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts > > > >>>>>>>> [25281] > > > >>>>>>>> 1493970797.553436: Encoding request body and padata into FAST > > > >>>>>>>> request > > > >>>>>>> [25281] 1493970797.553532: > > > >>>>>>>> Sending request (823 bytes) to TEST.COM [25281] > > > 1493970797.553567: > > > >>>>>>>> Resolving hostname localhost [25281] 1493970797.553745: > > > >>>>>>>> Initiating TCP connection to stream > > > >>>>>>>> 127.0.0.1:34319 > > > >>>>>>>> [25281] 1493970797.553889: Sending TCP request to stream > > > >>>>>>>> 127.0.0.1:34319 [25281] 1493970797.558297: Received answer > > > >>>>>>>> (125 > > > >>>>>>>> bytes) from stream > > > >>>>>>>> 127.0.0.1:34319 > > > >>>>>>>> [25281] 1493970797.558318: Terminating TCP connection to > > > >>>>>>>> stream > > > >>>>>>>> 127.0.0.1:34319 > > > >>>>>>>> [25281] 1493970797.561189: Response was not from master KDC > > > >>>>>>>> [25281] > > > >>>>>>>> 1493970797.561258: TGS request result: -1765323383/Unknown > > > >>>>>>>> code krcM > > > >>>>>>>> 137 ('First kerberos.authGSSClientStep not successful', > > > >>>>>>>> GSSError(('Unspecified GSS failure. Minor code may provide > > > >>>>>>>> more information', 851968), ('Unknown code krcM 137', > > > >>>>>>>> -1765323383))) > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> KDC logging with allowUDP = true: > > > >>>>>>>> > > > >>>>>>>> [INFO] Running > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.MitIssueTest > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - > > > >>>>>>>> AS_REQ > > > >>>>>> ISSUE: > > > >>>>>>>> authtime 1493972505784,dran...@test.com for > > > >>>>>>>> krbtgt/test....@test.com [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.client.impl. > > > DefaultInternalKrbClien > > > >>>>>>>> t > > > >>>>>>>> - Send to kdc success. > > > >>>>>>>> [main] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.client.KrbClientBase - Storing > > the tgt to the credential cache file. > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest - > > > >>>>>>>> The preauth data is empty. > > > >>>>>>>> [pool-1-thread-1] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler > > > >>>>>>>> - KRB error occurred while processing request:Additional > > > >>>>>>>> pre-authentication required [pool-1-thread-2] INFO > > > >>>>>>>> org.apache.kerby.kerberos.kerb.server.request.AsRequest - > > > >>>>>>>> AS_REQ > > > >>>>>> ISSUE: > > > >>>>>>>> authtime 1493972505948,test-service/localh...@test.com for > > > krbtgt/ > > > >>>>>>>> test....@test.com Exception in thread "Thread-0" > > > >>>>>>>> java.lang.RuntimeException: Error occured while checking udp > > > >>>>>> connections > > > >>>>>>>> at > > > >>>>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run( > > > >>>>>>>> KdcNetwork.java:105) > > > >>>>>>>> at > > > >>>>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork. > > > >>>>>>>> access$000(KdcNetwork.java:39) > > > >>>>>>>> at > > > >>>>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork$1. > > > >>>>>>>> run(KdcNetwork.java:75) > > > >>>>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>>>> Caused by: java.nio.channels.ClosedChannelException > > > >>>>>>>> at > > > >>>>>>>> sun.nio.ch.DatagramChannelImpl.ensureOpen( > > > >>>>>> DatagramChannelImpl.java:320) > > > >>>>>>>> at sun.nio.ch.DatagramChannelImpl.receive( > > > >>>>>>>> DatagramChannelImpl.java:331) > > > >>>>>>>> at > > > >>>>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork. > > > >>>>>>>> checkUdpMessage(KdcNetwork.java:132) > > > >>>>>>>> at > > > >>>>>>>> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run( > > > >>>>>>>> KdcNetwork.java:101) > > > >>>>>>>> ... 3 more > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> krb5.conf: > > > >>>>>>>> > > > >>>>>>>> [libdefaults] > > > >>>>>>>> kdc_realm = TEST.COM > > > >>>>>>>> default_realm = TEST.COM > > > >>>>>>>> udp_preference_limit = 4096 > > > >>>>>>>> kdc_tcp_port = 37080 > > > >>>>>>>> kdc_udp_port = 36525 > > > >>>>>>>> > > > >>>>>>>> [realms] > > > >>>>>>>> TEST.COM = { > > > >>>>>>>> kdc = localhost:36525 > > > >>>>>>>> } > > > >>>>>>>> > > > >>>>>>>> And port 36525 does not show up in `netstat -l` (while 37080 > > > >>>>>>>> does) > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> Op 04-05-17 om 14:55 schreef Li, Jiajia: > > > >>>>>>>>> Hi Marc, > > > >>>>>>>>> I try to run your test(through applying your patch in the > > > >>>>>>>>> trunk) , I > > > >>>>>>>> think it's success now. Could you take some time to check > > > >>>>>>>> about > > > it? > > > >>>>>>>>> Here is the log: > > > >>>>>>>>> > > > >>>>>>>>> directory-kerby git:(trunk) ? . > > > >>>>>>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerb > > > >>>>>>>>> eros > > > >>>>>>>>> /k > > > >>>>>>>>> er > > > >>>>>>>>> b/ > > > >>>>>>>>> server/MitIssueTest.sh > > > >>>>>>>>> kerberos.authGSSClientInit successful > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: entypes not > > > >>>>>>>>> supported > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for krb5_ccache_conf_data/realm- > config@X-CACHECONF: > > > >>>>>>>>> in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for test-service/localh...@test.com in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for > > > >>>>>>>>> krb5_ccache_conf_data/negative-cache/test-service\134/localh > > > >>>>>>>>> ost\ > > > >>>>>>>>> 13 > > > >>>>>>>>> 4@ > > > >>>>>>>>> TE > > > >>>>>>>>> ST.COM@X-CACHECONF: in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for krb5_ccache_conf_data/lkdc- > hostname@X-CACHECONF > > : > > > >>>>>>>>> in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for krb5_ccache_conf_data/sitename@X-CACHECONF: > > > >>>>>>>>> in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for test-service/localh...@test.com in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type > > > >>>>>>>>> des-cbc-md5-deprecated not supported > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type > > > >>>>>>>>> des-cbc-md4-deprecated not supported > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type > > > >>>>>>>>> des-cbc-crc-deprecated not supported > > > >>>>>>>>> 2017-05-04T20:44:06 Trying to find service kdc for realm > > > >>>>>>>>> TEST.COM flags 0 > > > >>>>>>>>> 2017-05-04T20:44:06 configuration file for realm TEST.COM > > > >>>>>>>>> found > > > >>>>>>>>> 2017-05-04T20:44:06 submissing new requests to new host > > > >>>>>>>>> 2017-05-04T20:44:06 host_create: setting hostname localhost > > > >>>>>>>>> 2017-05-04T20:44:06 connecting to host: udp ::1:52534 > > > >>>>>>>>> (localhost) > > > >>>>>> tid: > > > >>>>>>>>> 00000001 > > > >>>>>>>>> 2017-05-04T20:44:06 host_create: setting hostname localhost > > > >>>>>>>>> 2017-05-04T20:44:06 Queuing host in future (in 3s), its the > > > >>>>>>>>> 2 address on the same name: udp 127.0.0.1:52534 (localhost) > > tid: > > > >>>>>>>>> 00000002 > > > >>>>>>>>> 2017-05-04T20:44:06 writing packet: udp ::1:52534 > > > >>>>>>>>> (localhost) > > > tid: > > > >>>>>>>>> 00000001 > > > >>>>>>>>> 2017-05-04T20:44:06 reading packet: udp ::1:52534 > > > >>>>>>>>> (localhost) > > > tid: > > > >>>>>>>>> 00000001 > > > >>>>>>>>> 2017-05-04T20:44:06 host completed: udp ::1:52534 > > > >>>>>>>>> (localhost) > > > tid: > > > >>>>>>>>> 00000001 > > > >>>>>>>>> 2017-05-04T20:44:06 krb5_sendto_context TEST.COM done: 0 > > > >>>>>>>>> hosts 1 packets 1 wc: 0.048927 nr: 0.000932 kh: 0.000814 > > > >>>>>>>>> tid: 00000002 > > > >>>>>>>>> 2017-05-04T20:44:06 tkt: extract key 17/763641F3 > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328353: Decrypt > > > >>>>>>>>> integrity check failed for checksum type > > > >>>>>>>>> hmac-sha1-96-aes128, key type > > > >>>>>>>>> aes128-cts-hmac-sha1-96 > > > >>>>>>>>> 2017-05-04T20:44:06 tkt: extract key 17/3084A95C > > > >>>>>>>>> 2017-05-04T20:44:06 krb5_get_credentials_with_flags: > > > >>>>>>>>> TEST.COM > > > wc: > > > >>>>>>>>> 0.050317 > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for krb5_ccache_conf_data/realm- > config@X-CACHECONF: > > > >>>>>>>>> in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328243: Did not find > > > >>>>>>>>> credential for > > > >>>>>>>>> krb5_ccache_conf_data/time-offset/test-service\134/ > > > >>>>>> localhost\134@TEST. > > > >>>>>>>>> COM@X-CACHECONF: in cache > > > >>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>> 2017-05-04T20:44:06 Setting up PFS for auth context > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type > > > >>>>>>>>> des-cbc-md5-deprecated not supported > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type > > > >>>>>>>>> des-cbc-md4-deprecated not supported > > > >>>>>>>>> 2017-05-04T20:44:06 set-error: -1765328234: Encryption type > > > >>>>>>>>> des-cbc-crc-deprecated not supported First > > > >>>>>>>>> kerberos.authGSSClientStep successful > > > >>>>>>>>> > > > >>>>>>>>> Thanks > > > >>>>>>>>> Jiajia > > > >>>>>>>>> > > > >>>>>>>>> -----Original Message----- > > > >>>>>>>>> From: Zheng, Kai [mailto:kai.zh...@intel.com] > > > >>>>>>>>> Sent: Wednesday, May 3, 2017 7:29 PM > > > >>>>>>>>> To: kerby@directory.apache.org > > > >>>>>>>>> Subject: RE: MIT Kerberos compatibility > > > >>>>>>>>> > > > >>>>>>>>> Hi Marc, > > > >>>>>>>>> > > > >>>>>>>>> In case you're not aware of this, please check out the > > > >>>>>>>>> latest fix made > > > >>>>>>>> by Jiajia. We thought your case may be different, but would > > > >>>>>>>> be good to have a check before we can repeat/fix your case. > > Thanks. > > > >>>>>>>>> https://issues.apache.org/jira/browse/DIRKRB-625 > > > >>>>>>>>> > > > >>>>>>>>> Regards, > > > >>>>>>>>> Kai > > > >>>>>>>>> > > > >>>>>>>>> -----Original Message----- > > > >>>>>>>>> From: Marc de Lignie [mailto:m.c.delig...@xs4all.nl] > > > >>>>>>>>> Sent: Sunday, April 30, 2017 7:45 PM > > > >>>>>>>>> To: kerby@directory.apache.org > > > >>>>>>>>> Subject: Re: MIT Kerberos compatibility > > > >>>>>>>>> > > > >>>>>>>>> Hi Kai, > > > >>>>>>>>> > > > >>>>>>>>> The terminal output below is for the latest MIT Kerberos > > > >>>>>>>>> 1.15.1 (locally > > > >>>>>>>> built on Ubuntu Xenial). Before that, I also tested with the > > > >>>>>>>> default Xenial MIT Kerberos packages (1.13.2), with the same > > > >>>>>>>> result. I did not try earlier MIT Kerberos versions. > > > >>>>>>>>> > > > >>>>>>>>> Marc > > > >>>>>>>>> > > > >>>>>>>>> Op 29-04-17 om 21:42 schreef Marc de Lignie: > > > >>>>>>>>>> Hi Kai, > > > >>>>>>>>>> > > > >>>>>>>>>> Thanks for the response. I prepared a minimal config that > > > >>>>>>>>>> reproduces my problem. > > > >>>>>>>>>> > > > >>>>>>>>>> You can fetch the branch/commit from: > > > >>>>>>>>>> https://github.com/vtslab/directory-kerby/commits/MitIssue > > > >>>>>>>>>> > > > >>>>>>>>>> This is relative to RC2, but I also tried this on trunk for > > > >>>>>>>>>> my actual project. > > > >>>>>>>>>> > > > >>>>>>>>>> This config produces the debug and error messages below. > > > >>>>>>>>>> > > > >>>>>>>>>> 1. For the terminal with the bash + python script $ klist > > > >>>>>>>>>> Ticket > > > >>>>>>>>>> cache: FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>>> Default principal: dran...@test.com > > > >>>>>>>>>> > > > >>>>>>>>>> Valid starting Expires Service principal > > > >>>>>>>>>> 29-04-17 21:07:39 30-04-17 05:07:39 krbtgt/ > > test....@test.com > > > >>>>>>>>>> renew until 29-04-17 21:07:39 > > > >>>>>>>>>> > > > >>>>>>>>>> $ . > > > >>>>>>>>>> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/ker > > > >>>>>>>>>> bero s/ ke rb / server/MitIssueTest.sh [15538] > > > >>>>>>>>>> 1493491231.917606: > > > >>>>>>>>>> Retrieving dran...@test.com from > > > >>>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>>>> with > > > >>>>>>>>>> result: > > > >>>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>>>> found [15538] > > > >>>>>>>>>> 1493491231.917827: Retrieving dran...@test.com from > > > >>>>>>>>>> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) > > > >>>>>>>>>> with > > > >>>>>>> result: > > > >>>>>>>>>> 2/Key table file '/etc/krb5/user/1000/client.keytab' not > > > >>>>>>>>>> found kerberos.authGSSClientInit successful [15538] > > 1493491231.918185: > > > >>>>>>>>>> Getting credentials dran...@test.com -> > > > >>>>>>>>>> test-service/localhost@ using ccache > > > >>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>>> [15538] 1493491231.918210: Retrieving dran...@test.com -> > > > >>>>>>>>>> test-service/localhost@ from > > > >>>>>>>>>> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with > > > result: > > > >>>>>>>>>> -1765328243/Matching credential not found (filename: > > > >>>>>>>>>> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc) > > > >>>>>>>>>> [15538] 1493491231.918226: Retrying dran...@test.com -> > > > >>>>>>>>>> test-service/localh...@test.com with result: > > > >>>>>>>>>> -1765328243/Matching credential not found (filename: > > > >>>>>>>>>> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc) > > > >>>>>>>>>> [15538] 1493491231.918229: Server has referral realm; > > > >>>>>>>>>> starting with test-service/localh...@test.com [15538] > > 1493491231.918278: > > > >>>>>>>>>> Retrieving dran...@test.com -> krbtgt/test....@test.com > > > >>>>>>>>>> from FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc > > > >>>>>>>>>> with > > > result: > > > >>>>>>>>>> 0/Success > > > >>>>>>>>>> [15538] 1493491231.918281: Starting with TGT for client > realm: > > > >>>>>>>>>> dran...@test.com -> krbtgt/test....@test.com [15538] > > > >>>>>>>>>> 1493491231.918301: Requesting tickets for > > > >>>>>>>>>> test-service/localh...@test.com, referrals on [15538] > > > >>>>>>>>>> 1493491231.918326: Generated subkey for TGS request: > > > >>>>>>>>>> aes128-cts/FA30 > > > >>>>>>>>>> [15538] 1493491231.918359: etypes requested in TGS request: > > > >>>>>>>>>> aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, > > > >>>>>>>>>> des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts > > > >>>>>>>>>> [15538] > > > >>>>>> 1493491231.918484: > > > >>>>>>>>>> Encoding request body and padata into FAST request [15538] > > > >>>>>>>>>> 1493491231.918541: Sending request (836 bytes) to TEST.COM > > > >>>>>>>>>> [15538] > > > >>>>>>>>>> 1493491231.918597: Resolving hostname localhost [15538] > > > >>>>>>>>>> 1493491231.918703: Initiating TCP connection to stream > > > >>>>>>>>>> 127.0.0.1:44292 > > > >>>>>>>>>> [15538] 1493491231.918777: Sending TCP request to stream > > > >>>>>>>>>> 127.0.0.1:44292 [15538] 1493491231.922803: TCP error > > > >>>>>>>>>> receiving from stream > > > >>>>>>>>>> 127.0.0.1:44292: 104/Connection reset by peer [15538] > > > >>>>>>>>>> 1493491231.922812: Terminating TCP connection to stream > > > >>>>>>>>>> 127.0.0.1:44292 > > > >>>>>>>>>> [15538] 1493491231.922858: Sending initial UDP request to > > > >>>>>>>>>> dgram > > > >>>>>>>>>> 127.0.0.1:44292 > > > >>>>>>>>>> ('First kerberos.authGSSClientStep not successful', > > > >>>>>>>>>> GSSError(('Unspecified GSS failure. Minor code may provide > > > >>>>>>>>>> more information', 851968), ("Cannot contact any KDC for > > > >>>>>>>>>> realm 'TEST.COM'", > > > >>>>>>>>>> -1765328228))) > > > >>>>>>>>>> > > > >>>>>>>>>> 2. For the terminal that runs mvn clean test > > > >>>>>>>>>> -Dtest=MitIssueTest Running > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.MitIssueTest > > > >>>>>>>>>> 2017-04-29 21:07:39,182 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> initialize called > > > >>>>>>>>>> 2017-04-29 21:07:39,195 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> getIdentity called, principalName = > > > >>>>>>>>>> krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,195 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> getIdentity failed, principalName = > > > >>>>>>>>>> krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> addIdentity successful, principalName = > > > >>>>>>>>>> krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> getIdentity called, principalName = > > > >>>>>>>>>> kadmin/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,212 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> getIdentity failed, principalName = > > > >>>>>>>>>> kadmin/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,213 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> addIdentity successful, principalName = > > > >>>>>>>>>> kadmin/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,216 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> start called > > > >>>>>>>>>> 2017-04-29 21:07:39,232 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> addIdentity successful, principalName = > > > >>>>>>>>>> test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,425 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> addIdentity successful, principalName = dran...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,465 INFO [pool-1-thread-1] > > > >>>>> request.KdcRequest: > > > >>>>>>>>>> Client entry is empty. > > > >>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = dran...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = dran...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,465 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,476 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> impl.DefaultKdcHandler: Transport or decoding error > > > >>>>>>>>>> occurred, disconnecting abnormally java.io.EOFException > > > >>>>>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java: > > 392) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport. > > > >>>>>>>> receiveMessage(KrbTcpTransport.java:54) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandle > > > >>>>>>>>>> r.ru > > > >>>>>>>>>> n( > > > >>>>>>>> DefaultKdcHandler.java:46) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker( > > > >>>>>>>> ThreadPoolExecutor.java:1142) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run( > > > >>>>>>>> ThreadPoolExecutor.java:617) > > > >>>>>>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>>>>>> 2017-04-29 21:07:39,477 INFO [main] client.KrbClientBase: > > > >>>>>>>>>> Storing the tgt to the credential cache file. > > > >>>>>>>>>> 2017-04-29 21:07:39,491 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> getIdentity called, principalName = > > > >>>>>>>>>> test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,491 DEBUG [main] backend. > > > >>>>>> AbstractIdentityBackend: > > > >>>>>>>>>> getIdentity successful, principalName = > > > >>>>>>>>>> test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,498 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,498 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,498 INFO [pool-1-thread-1] > > > >>>>> request.KdcRequest: > > > >>>>>>>>>> Client entry is empty. > > > >>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,499 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,499 INFO [pool-1-thread-1] > > > >>>>> request.KdcRequest: > > > >>>>>>>>>> The preauth data is empty. > > > >>>>>>>>>> 2017-04-29 21:07:39,501 INFO [pool-1-thread-1] > > > server.KdcHandler: > > > >>>>>>>>>> KRB error occurred while processing request:Additional > > > >>>>>>>>>> pre-authentication required > > > >>>>>>>>>> 2017-04-29 21:07:39,502 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> impl.DefaultKdcHandler: Transport or decoding error > > > >>>>>>>>>> occurred, disconnecting abnormally java.io.EOFException > > > >>>>>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java: > > 392) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport. > > > >>>>>>>> receiveMessage(KrbTcpTransport.java:54) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandle > > > >>>>>>>>>> r.ru > > > >>>>>>>>>> n( > > > >>>>>>>> DefaultKdcHandler.java:46) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker( > > > >>>>>>>> ThreadPoolExecutor.java:1142) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run( > > > >>>>>>>> ThreadPoolExecutor.java:617) > > > >>>>>>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>>>>>> 2017-04-29 21:07:39,505 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,505 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,505 INFO [pool-1-thread-1] > > > >>>>> request.KdcRequest: > > > >>>>>>>>>> Client entry is empty. > > > >>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = test-service/localh...@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,506 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:39,510 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> impl.DefaultKdcHandler: Transport or decoding error > > > >>>>>>>>>> occurred, disconnecting abnormally java.io.EOFException > > > >>>>>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java: > > 392) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport. > > > >>>>>>>> receiveMessage(KrbTcpTransport.java:54) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandle > > > >>>>>>>>>> r.ru > > > >>>>>>>>>> n( > > > >>>>>>>> DefaultKdcHandler.java:46) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker( > > > >>>>>>>> ThreadPoolExecutor.java:1142) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run( > > > >>>>>>>> ThreadPoolExecutor.java:617) > > > >>>>>>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>>>>>> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity called, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> backend.AbstractIdentityBackend: getIdentity successful, > > > >>>>>>>>>> principalName = krbtgt/test....@test.com > > > >>>>>>>>>> 2017-04-29 21:07:55,602 INFO [pool-1-thread-1] > > > >>>>> request.KdcRequest: > > > >>>>>>>>>> Found fast padata and start to process it. > > > >>>>>>>>>> 2017-04-29 21:07:55,603 ERROR [pool-1-thread-1] > > > >>>>>>>>>> impl.DefaultKdcHandler: Error occured while processing > > request: > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.KrbException: Decoding > failed > > > >>>>>>>>>> at org.apache.kerby.kerberos. > kerb.KrbCodec.decode(KrbCodec. > > > >>>>>>>> java:85) > > > >>>>>>>>>> at org.apache.kerby.kerberos. > kerb.KrbCodec.decode(KrbCodec. > > > >>>>>>>> java:70) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kd > > > >>>>>>>>>> cFin > > > >>>>>>>>>> dF > > > >>>>>>>>>> as > > > >>>>>>>>>> t( > > > >>>>>>>> KdcRequest.java:208) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.request. > > > >>>>>>>> KdcRequest.process(KdcRequest.java:168) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.KdcHandler. > > > >>>>>>>> handleMessage(KdcHandler.java:115) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.impl. > DefaultKdcHandler. > > > >>>>>>>> handleMessage(DefaultKdcHandler.java:67) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandle > > > >>>>>>>>>> r.ru > > > >>>>>>>>>> n( > > > >>>>>>>> DefaultKdcHandler.java:52) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker( > > > >>>>>>>> ThreadPoolExecutor.java:1142) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run( > > > >>>>>>>> ThreadPoolExecutor.java:617) > > > >>>>>>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>>>>>> Caused by: java.io.IOException: Unexpected item context [0] > > > >>>>>>>>>> [tag=0xA0, off=0, len=3+207], expecting 0x30 > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.asn1.type.Asn1Encodeable.decode( > > > >>>>>>>> Asn1Encodeable.java:210) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.asn1.type.Asn1Encodeable.decode( > > > >>>>>>>> Asn1Encodeable.java:197) > > > >>>>>>>>>> at org.apache.kerby.kerberos. > kerb.KrbCodec.decode(KrbCodec. > > > >>>>>>>> java:83) > > > >>>>>>>>>> ... 9 more > > > >>>>>>>>>> 2017-04-29 21:07:55,604 DEBUG [pool-1-thread-1] > > > >>>>>>>>>> impl.DefaultKdcHandler: Transport or decoding error > > > >>>>>>>>>> occurred, disconnecting abnormally > > > >>>>>>>>>> java.net.SocketException: Socket closed > > > >>>>>>>>>> at java.net.SocketInputStream.socketRead0(Native Method) > > > >>>>>>>>>> at java.net.SocketInputStream. > socketRead(SocketInputStream. > > > >>>>>>>> java:116) > > > >>>>>>>>>> at java.net.SocketInputStream. > read(SocketInputStream.java: > > > >>>>> 171) > > > >>>>>>>>>> at java.net.SocketInputStream. > read(SocketInputStream.java: > > > >>>>> 141) > > > >>>>>>>>>> at java.net.SocketInputStream. > read(SocketInputStream.java: > > > >>>>> 224) > > > >>>>>>>>>> at java.io.DataInputStream.readInt(DataInputStream.java: > > 387) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport. > > > >>>>>>>> receiveMessage(KrbTcpTransport.java:54) > > > >>>>>>>>>> at > > > >>>>>>>>>> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandle > > > >>>>>>>>>> r.ru > > > >>>>>>>>>> n( > > > >>>>>>>> DefaultKdcHandler.java:46) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker( > > > >>>>>>>> ThreadPoolExecutor.java:1142) > > > >>>>>>>>>> at > > > >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run( > > > >>>>>>>> ThreadPoolExecutor.java:617) > > > >>>>>>>>>> at java.lang.Thread.run(Thread.java:748) > > > >>>>>>>>>> > > > >>>>>>>>>> In a FreeIPA environment these python lines "just" work. > > > >>>>>>>>>> > > > >>>>>>>>>> Any suggestions are welcome! > > > >>>>>>>>>> > > > >>>>>>>>>> Marc > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>> -- > > > >>>>>>>>> Marc de Lignie > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Marc de Lignie > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> -- > > > >>>>>>> Colm O hEigeartaigh > > > >>>>>>> > > > >>>>>>> Talend Community Coder > > > >>>>>>> http://coders.talend.com > > > >>>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> -- > > > >>>>>> Colm O hEigeartaigh > > > >>>>>> > > > >>>>>> Talend Community Coder > > > >>>>>> http://coders.talend.com > > > >>>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> -- > > > >>>>> Colm O hEigeartaigh > > > >>>>> > > > >>>>> Talend Community Coder > > > >>>>> http://coders.talend.com > > > >>>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Colm O hEigeartaigh > > > >>>> > > > >>>> Talend Community Coder > > > >>>> http://coders.talend.com > > > >>> > > > >>> > > > >> > > > >> > > > >> -- > > > >> Colm O hEigeartaigh > > > >> > > > >> Talend Community Coder > > > >> http://coders.talend.com > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com