[
https://issues.apache.org/jira/browse/DIRSERVER-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507060#comment-14507060
]
Kiran Ayyagari commented on DIRSERVER-1970:
---
Could this be due to
[
https://issues.apache.org/jira/browse/DIRSERVER-1943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kiran Ayyagari resolved DIRSERVER-1943.
---
Resolution: Incomplete
Assignee: Kiran Ayyagari
Please use the latest
Hi Colm,
It looks strange to me.
Would you debug and check the two keys are the same in that place and the other
place in KDC side KdcRequest:400:
EncryptedData encryptedData = EncryptionUtil.seal(encTicketPart,
serverKey, KeyUsage.KDC_REP_TICKET);
Thanks. I’m going to sleep now. See
+1 to your suggestion.
And please remove the AuthenticationInterceptorTest I added yesterday,
probably it doesn't make too much sense.
Kind Regards,
Stefan
On 04/22/2015 12:08 PM, Emmanuel Lécharny wrote:
Hi,
yesterday, we were hit by a bus, and it was expected for a very long
time. The
[
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507003#comment-14507003
]
Emmanuel Lecharny commented on DIRSERVER-2051:
--
We are currently fixing a
For what it is worth: I see something beautiful emerging.
+1
Best regards,
Pierre Smits
*ORRTIZ.COM http://www.orrtiz.com*
Services Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail Trade
http://www.orrtiz.com
On Wed, Apr 22, 2015 at 2:30 PM, Emmanuel Lécharny
[
https://issues.apache.org/jira/browse/DIRSERVER-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507079#comment-14507079
]
Emmanuel Lecharny commented on DIRSERVER-1970:
--
Most certainly.
I just checked the codes in MIT Kerberos. It was clear we should use the value
of TgsReq-pa-ApReq-ticket-encpart-cname. The cname field in KdcReq is only
used in AsReq, not used in TgsReq.
I will have a fix for this shortly.
Regards,
Kai
From: Zheng, Kai [mailto:kai.zh...@intel.com]
Sent:
[
https://issues.apache.org/jira/browse/DIRSERVER-1949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507061#comment-14507061
]
Kiran Ayyagari commented on DIRSERVER-1949:
---
Can we close this?
Cannot add
[
https://issues.apache.org/jira/browse/DIRSERVER-1944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kiran Ayyagari resolved DIRSERVER-1944.
---
Resolution: Won't Fix
Assignee: Kiran Ayyagari
ApacheDS 2.0.0-M15
Le 22/04/15 12:28, Steve Moyer a écrit :
I think we've spent enough time rehashing the past ...
Absolutely.
let me just say
that I think things would have gone a lot differently if there'd been an
easy way to provide a repository branch for us to check code into.
Sadly, this is not the way
Looks good thanks! The next problem is an NPE in EncryptionHandler. This is
caused by a similar issue to before:
---
a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
+++
Good to this point. I’m looking at it and will respond a little later. Thanks!
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 22, 2015 10:01 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Looks good thanks! The
Colm,
Would you check out the fix below and verify it? Thanks!
commit 41df0299ef254d877b6f570c1b71eb35c75e9fc5
Author: Drankye dran...@gmail.com
Date: Wed Apr 22 21:25:21 2015 +0800
Fixed the issue that cname field in KdcReqBody should not be used in TgsReq
Regards,
Kai
From: Zheng, Kai
[
https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh reassigned DIRKRB-236:
--
Assignee: Colm O hEigeartaigh
Ensure encryption types list is correctly sent
[
https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved DIRKRB-236.
Resolution: Fixed
Ensure encryption types list is correctly sent by client and
[
https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kai Zheng updated DIRKRB-236:
-
Assignee: Jiajia Li (was: Colm O hEigeartaigh)
Summary: Ensure encryption types list is correctly
Are we sure that the tgsKey above is the right key to decrpyt the request?
Yes, the ticket there to decrypt is actually for TGS to interpret and validate,
a tgs key should be used. I’m still thinking about how to get the encryption
type right. It’s a certain one this time.
Regards,
Kai
From:
I'm not sure the igloo project's implementation is better or worse than
escimo ... it's compliant to the SCIM specification a few versions
back. The current version has design flaws but is working well for us.
I'll try to describe the differences but since the eSCIMo code wasn't
functional when
Hi Colm,
The fix would be as follows. Would you verify and commit it if OK? Thanks.
-EncryptionType encType = getKdcReq().getReqBody().getEtypes().listItera
-EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
-
Ticket ticket = apReq.getTicket();
+
Hi Kai,
I get the same error (decryption error) with this patch.
Colm.
On Wed, Apr 22, 2015 at 3:57 PM, Zheng, Kai kai.zh...@intel.com wrote:
Hi Colm,
The fix would be as follows. Would you verify and commit it if OK? Thanks.
-EncryptionType encType =
[
https://issues.apache.org/jira/browse/DIRSERVER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506519#comment-14506519
]
Stefan Seelmann commented on DIRSERVER-2060:
Added a first fix here:
[
https://issues.apache.org/jira/browse/DIRKRB-215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506498#comment-14506498
]
Lin Chen commented on DIRKRB-215:
-
And please remove the codes, thanks~
{code}
/**
*
Le 22/04/15 19:38, Stefan Seelmann a écrit :
Hi,
when starting up the server I always get the following error in log:
[19:18:43] ERROR
[org.apache.directory.api.ldap.model.entry.DefaultEntry] - ERR_04269
ATTRIBUTE_TYPE for OID ads-enabledciphersuites does not exist!
What does that mean?
Stefan Seelmann created DIRSERVER-2061:
--
Summary: Logging config bundled with installers is too strict
Key: DIRSERVER-2061
URL: https://issues.apache.org/jira/browse/DIRSERVER-2061
Project:
On 04/22/2015 01:58 AM, Emmanuel Lécharny wrote:
I have created some new installers
(http://people.apache.org/~elecharny/apacheds-2.0.0-M20-SNAPSHOT/) with
a fix for the debian installer.
I still get the error, but less often. I'd suggest you first change the
Authentications as suggested in
Hi,
when starting up the server I always get the following error in log:
[19:18:43] ERROR
[org.apache.directory.api.ldap.model.entry.DefaultEntry] - ERR_04269
ATTRIBUTE_TYPE for OID ads-enabledciphersuites does not exist!
What does that mean? The attribute is used in LdapServerBean, but I
[
https://issues.apache.org/jira/browse/DIRSERVER-2061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seelmann resolved DIRSERVER-2061.
Resolution: Fixed
Assignee: Stefan Seelmann
Fixed here:
Le 22/04/15 18:31, Stefan Seelmann a écrit :
+1 to your suggestion.
And please remove the AuthenticationInterceptorTest I added yesterday,
probably it doesn't make too much sense.
Will do.
Thanks !
Emmanuel Lecharny created DIRSTUDIO-1038:
Summary: Dispose the various org.eclipse.swt.graphics.* objects we
use
Key: DIRSTUDIO-1038
URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1038
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507713#comment-14507713
]
Emmanuel Lecharny commented on DIRSTUDIO-1038:
--
More specifically, the
[
https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508335#comment-14508335
]
Shawn McKinney edited comment on FC-33 at 4/23/15 2:38 AM:
---
Trace
[
https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508335#comment-14508335
]
Shawn McKinney commented on FC-33:
--
Trace request/response for each test case:
Successfull
[
https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508338#comment-14508338
]
Shawn McKinney commented on FC-33:
--
1. Successful compare pdu:
: 0x30 0x81 0xB5 0x02 0x01
[
https://issues.apache.org/jira/browse/DIRKRB-237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jiajia Li updated DIRKRB-237:
-
Issue Type: New Feature (was: Bug)
Implement the parseOptions function in AddPrincipalExecutor
[
https://issues.apache.org/jira/browse/DIRKRB-238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jiajia Li updated DIRKRB-238:
-
Issue Type: New Feature (was: Bug)
Enhance kadmin to support remove entry(s) from a keytab
Jiajia Li created DIRKRB-238:
Summary: Enhance kadmin to support remove entry(s) from a keytab
Key: DIRKRB-238
URL: https://issues.apache.org/jira/browse/DIRKRB-238
Project: Directory Kerberos
[
https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508272#comment-14508272
]
Shawn McKinney commented on FC-33:
--
Explanation for how the fortress authorization audit works
[
https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xu Yaning updated DIRKRB-229:
-
Attachment: DIRKRB-229-v1.patch
Enhance kadmin to support list principals
[
https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508335#comment-14508335
]
Shawn McKinney edited comment on FC-33 at 4/23/15 2:40 AM:
---
Trace
[
https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xu Yaning updated DIRKRB-228:
-
Attachment: DIRKRB-228-v1.patch
Enhance kadmin to support get principal
[
https://issues.apache.org/jira/browse/DIRKRB-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jiajia Li updated DIRKRB-225:
-
Attachment: DIRKRB-225-V1.patch
Implement the modify principal in this patch.
Enhance kadmin to support
Jiajia Li created DIRKRB-237:
Summary: Implement the parseOptions function in
AddPrincipalExecutor
Key: DIRKRB-237
URL: https://issues.apache.org/jira/browse/DIRKRB-237
Project: Directory Kerberos
Xu Yaning created DIRKRB-239:
Summary: Implement the interface RadomProvider
Key: DIRKRB-239
URL: https://issues.apache.org/jira/browse/DIRKRB-239
Project: Directory Kerberos
Issue Type:
[
https://issues.apache.org/jira/browse/DIRKRB-239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xu Yaning updated DIRKRB-239:
-
Attachment: DIRKRB-239-v1.patch
Implement the interface RadomProvider
[
https://issues.apache.org/jira/browse/DIRSERVER-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507073#comment-14507073
]
Kiran Ayyagari commented on DIRSERVER-1934:
---
[~lthei...@mitre.org] Is this
Stefan Seelmann created DIRSERVER-2062:
--
Summary: Systemd support
Key: DIRSERVER-2062
URL: https://issues.apache.org/jira/browse/DIRSERVER-2062
Project: Directory ApacheDS
Issue Type:
Okey, that's created by IDE, I'll remove it
-Original Message-
From: Lin Chen (JIRA) [mailto:j...@apache.org]
Sent: Wednesday, April 22, 2015 2:15 PM
To: dev@directory.apache.org
Subject: [jira] [Commented] (DIRKRB-215) Implement the PRF function for DES_CBC.
[
On Wed, Apr 22, 2015 at 3:43 PM, Xu, Yaning yaning...@intel.com wrote:
Okey, that's created by IDE, I'll remove it
the best way is to import this[1] template into Eclipse, which will save a
lot of time
[1]
http://svn.apache.org/repos/asf/directory/project/trunk/resources/codetemplates.xml
On Wed, Apr 22, 2015 at 6:08 PM, Emmanuel Lécharny elecha...@gmail.com
wrote:
Hi,
yesterday, we were hit by a bus, and it was expected for a very long
time. The way we handle authenticators is far from ebing perfect.
Here is the current code :
public void bind( BindOperationContext
Ok with the current code I've made some progress - I can now successfully
get a TGT from Kerby. However, I'm running into a puzzling issue when
trying to get a service key. Essentially, the clientPrincipal in
KdcRequest.checkClient() is an empty String (and has a null NameType).
This means that it
I think we've spent enough time rehashing the past ... let me just say
that I think things would have gone a lot differently if there'd been an
easy way to provide a repository branch for us to check code into. On
the other hand, I can certainly understand why you don't want to change
your
I don't think that having two different implementations of the same thing
at Apache Directory is a good thing. However, it's certainly not unheard of
for a project to replace an older codebase with a new donated codebase for
a new major release, if there is a compelling reason to do so. For
Hi,
yesterday, we were hit by a bus, and it was expected for a very long
time. The way we handle authenticators is far from ebing perfect.
Here is the current code :
public void bind( BindOperationContext bindContext ) throws
LdapException
{
...
for ( Authenticator
[
https://issues.apache.org/jira/browse/DIRKRB-215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xu Yaning updated DIRKRB-215:
-
Attachment: DIRKRB-215-v3.patch
Implement the PRF function for DES_CBC.
[
https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506837#comment-14506837
]
Xu Yaning commented on DIRKRB-228:
--
Okay, I'll!
Enhance kadmin to support get principal
[
https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506838#comment-14506838
]
Xu Yaning commented on DIRKRB-228:
--
Okay, I'll!
Enhance kadmin to support get principal
[
https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xu Yaning updated DIRKRB-228:
-
Comment: was deleted
(was: Okay, I'll!)
Enhance kadmin to support get principal
[
https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506844#comment-14506844
]
Xu Yaning commented on DIRKRB-229:
--
Okay,I'll!
Enhance kadmin to support list
[
https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506846#comment-14506846
]
Xu Yaning commented on DIRKRB-229:
--
Okay,I'll!
Enhance kadmin to support list
[
https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xu Yaning updated DIRKRB-229:
-
Comment: was deleted
(was: Okay,I'll!)
Enhance kadmin to support list principals
Hi Colm,
Thanks for your good progress and analysis. I’m not sure how KDC would handle
in such case, but a possibility is to use the client principal name in the TGT
ticket, would you inspect the fields of the passed TGT and use the client field
in it, when it’s null in the KdcReq? I will
Le 22/04/15 04:33, Steve Moyer a écrit :
All,
Given Emmanuel's disappointment conveyed in the original thread (on the
Fortress mailing list), please consider the proposal withdrawn.
Nah, forgive me for my initial mail, I most certainly overreacted, and
I'm sorry for that.
I would suggest that
[
https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jiajia Li updated DIRKRB-236:
-
Attachment: DIRKRB-236-V1.patch
In this patch, sort the encryption types in {{KdcRequest}}.
Ensure
Le 22/04/15 03:55, Steve Moyer a écrit :
Kiran,
I certainly didn't want or expect you to be disappointed!
Well, as human beings, we have feelings, which may be overstated at some
point. DIsapointement might be a bit strong : it was more a surprise to
me than a disagrement, as I really thought
Le 22/04/15 12:42, Colm O hEigeartaigh a écrit :
I don't think that having two different implementations of the same thing
at Apache Directory is a good thing. However, it's certainly not unheard of
for a project to replace an older codebase with a new donated codebase for
a new major release,
66 matches
Mail list logo