[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-03 Thread Jiajia Li (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112685#comment-16112685
 ] 

Jiajia Li commented on DIRKRB-638:
--

I committed.

commit ea45cc80f175a0d1292dbb4bfa69f75bba78b35b
Author: plusplusjiajia 
Date:   Thu Aug 3 21:06:11 2017 +0800  
Get the KerberosKey from Subject as the server key.

> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-03 Thread Colm O hEigeartaigh (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112661#comment-16112661
 ] 

Colm O hEigeartaigh commented on DIRKRB-638:


OK I applied my patch.

> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-03 Thread Jiajia Li (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112629#comment-16112629
 ] 

Jiajia Li commented on DIRKRB-638:
--

[~coheig], my patch based on your patch, so can you help me to commit it with 
your patch? Thanks.

> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-03 Thread Colm O hEigeartaigh (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112573#comment-16112573
 ] 

Colm O hEigeartaigh commented on DIRKRB-638:


Thanks [~jiajia], that looks good to me. Will you commit the patches? I will do 
some minor changes when they are applied.

> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-02 Thread Jiajia Li (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112103#comment-16112103
 ] 

Jiajia Li commented on DIRKRB-638:
--

In Krb5LoginModule:
{code}
kerbKeys = new KerberosKey[encKeys.length];
for (int i = 0; i < encKeys.length; i ++) {
Integer temp = encKeys[i].getKeyVersionNumber();
kerbKeys[i] = new KerberosKey(kerbClientPrinc,
  encKeys[i].getBytes(),
  encKeys[i].getEType(),
  (temp == null?
  0: temp.intValue()));
{code}

The temp is null, and it set the kvno as 0, but when adding the principal, the 
default kvno is 1. That's why the kvno is not equal.

> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-02 Thread Kai Zheng (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112057#comment-16112057
 ] 

Kai Zheng commented on DIRKRB-638:
--

The server key, or the service key, is a shared key between the server and KDC. 
Besides the keytab means that exports and stores the key in a file, I don't 
know any other way to do the sharing. Note the service key is used to 
decryption the ticket passed from client and it shouldn't be the session key. 
Typically session key is used to do the channel message encryption, not the 
authentication stuff.

One way to hack to use the username/password for the server side, might be 
calling the util function to generate the exact same key as initially stored 
into the KDC back end, but I'm not sure it's a good practice.


> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side

2017-08-02 Thread Jiajia Li (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16111003#comment-16111003
 ] 

Jiajia Li commented on DIRKRB-638:
--

I'm not sure using the session key from ticket as the server key is right, I 
will take more time to dig into it tomorrow.

> KerbyGssAppTest fails when there is no keytab on the service side
> -
>
> Key: DIRKRB-638
> URL: https://issues.apache.org/jira/browse/DIRKRB-638
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-638.patch
>
>
> When we log in via a username/password on the service side, as opposed to a 
> keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written 
> to handle keytabs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)