[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112685#comment-16112685 ] Jiajia Li commented on DIRKRB-638: -- I committed. commit ea45cc80f175a0d1292dbb4bfa69f75bba78b35b Author: plusplusjiajiaDate: Thu Aug 3 21:06:11 2017 +0800 Get the KerberosKey from Subject as the server key. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112661#comment-16112661 ] Colm O hEigeartaigh commented on DIRKRB-638: OK I applied my patch. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112629#comment-16112629 ] Jiajia Li commented on DIRKRB-638: -- [~coheig], my patch based on your patch, so can you help me to commit it with your patch? Thanks. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112573#comment-16112573 ] Colm O hEigeartaigh commented on DIRKRB-638: Thanks [~jiajia], that looks good to me. Will you commit the patches? I will do some minor changes when they are applied. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112103#comment-16112103 ] Jiajia Li commented on DIRKRB-638: -- In Krb5LoginModule: {code} kerbKeys = new KerberosKey[encKeys.length]; for (int i = 0; i < encKeys.length; i ++) { Integer temp = encKeys[i].getKeyVersionNumber(); kerbKeys[i] = new KerberosKey(kerbClientPrinc, encKeys[i].getBytes(), encKeys[i].getEType(), (temp == null? 0: temp.intValue())); {code} The temp is null, and it set the kvno as 0, but when adding the principal, the default kvno is 1. That's why the kvno is not equal. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch, DIRKRB-638-V2.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112057#comment-16112057 ] Kai Zheng commented on DIRKRB-638: -- The server key, or the service key, is a shared key between the server and KDC. Besides the keytab means that exports and stores the key in a file, I don't know any other way to do the sharing. Note the service key is used to decryption the ticket passed from client and it shouldn't be the session key. Typically session key is used to do the channel message encryption, not the authentication stuff. One way to hack to use the username/password for the server side, might be calling the util function to generate the exact same key as initially stored into the KDC back end, but I'm not sure it's a good practice. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-638) KerbyGssAppTest fails when there is no keytab on the service side
[ https://issues.apache.org/jira/browse/DIRKRB-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16111003#comment-16111003 ] Jiajia Li commented on DIRKRB-638: -- I'm not sure using the session key from ticket as the server key is right, I will take more time to dig into it tomorrow. > KerbyGssAppTest fails when there is no keytab on the service side > - > > Key: DIRKRB-638 > URL: https://issues.apache.org/jira/browse/DIRKRB-638 > Project: Directory Kerberos > Issue Type: Bug >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-638.patch > > > When we log in via a username/password on the service side, as opposed to a > keytab, the KerbyGssAppTest does not work, as GssAcceptCred is only written > to handle keytabs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)