Re: Kerby 1.0 GA

[Colm O hEigeartaigh]

There are a lot of open issues (including one "in progress") for the
1.0.0-GA release in JIRA:

https://issues.apache.org/jira/browse/DIRKRB/fixforversion/12332775

It would be a good idea to go through the issues and decide which will be
fixed for the GA release, and which should be moved to a future release.

Colm.

On Sun, Apr 30, 2017 at 1:11 AM, Zheng, Kai  wrote:

> This makes sense. The GA should clean such kinds of codes.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, April 26, 2017 6:38 PM
> To: kerby@directory.apache.org
> Subject: Re: Kerby 1.0 GA
>
> One improvement I'd like to see before the 1.0 GA release is to improve
> the exception handling. There are many examples of catch statements that
> just have a printStackTrace() leading to NPEs down the line. Apart from
> that, +1 from me on the release:
>
> find . -name "*.java" -path "*/main/*" | xargs grep "printStackTrace()" |
> wc -l
> 30
>
> Colm.
>
> On Wed, Apr 26, 2017 at 3:31 AM, Zheng, Kai  wrote:
>
> > Sounds cool! Thanks Jiajia for taking this step forward.
> >
> > Regards,
> > Kai
> >
> > -Original Message-
> > From: Li, Jiajia [mailto:jiajia...@intel.com]
> > Sent: Wednesday, April 26, 2017 9:54 AM
> > To: kerby@directory.apache.org
> > Subject: RE: Kerby 1.0 GA
> >
> > Sorry for wrong typo.
> >
> > Hi all,
> >
> > We are going to start the Kerby 1.0.0 GA release progress.
> > It's more than one year since our last release 1.0.0-RC2, we have
> > added lots of new features and bug fixes.
> > And this release will include some blocking issues for Hadoop and
> > 1.0.0 GA will impact the next Hadoop release version 3.0.0-alpha3.
> >
> > Regards,
> > Jiajia
> >
> > -Original Message-
> > From: Li, Jiajia [mailto:jiajia...@intel.com]
> > Sent: Wednesday, April 26, 2017 9:49 AM
> > To: kerby@directory.apache.org
> > Subject: Kerby 1.0 GA
> >
> > Hi all,
> >
> > We are going to start the Kerby 1.0.0 GA release progress.
> > It's more than one year since our last release 1.0.0-RC2, we have
> > added lots of new features and bug fixes.
> > And this release will include some blocking issues for Hadoop and
> > 1.0.0 GA will impact the next Hadoop release version 3.0.0-alpha1.
> >
> > Regards,
> > Jiajia
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: MIT Kerberos compatibility

[Zheng, Kai]

Hi Marc,

In case you're not aware of this, please check out the latest fix made by 
Jiajia. We thought your case may be different, but would be good to have a 
check before we can repeat/fix your case. Thanks.
https://issues.apache.org/jira/browse/DIRKRB-625

Regards,
Kai

-Original Message-
From: Marc de Lignie [mailto:m.c.delig...@xs4all.nl] 
Sent: Sunday, April 30, 2017 7:45 PM
To: kerby@directory.apache.org
Subject: Re: MIT Kerberos compatibility

Hi Kai,

The terminal output below is for the latest MIT Kerberos 1.15.1 (locally built 
on Ubuntu Xenial). Before that, I also tested with the default Xenial MIT 
Kerberos packages (1.13.2), with the same result. I did not try earlier MIT 
Kerberos versions.

Marc

Op 29-04-17 om 21:42 schreef Marc de Lignie:
>
> Hi Kai,
>
> Thanks for the response. I prepared a minimal config that reproduces 
> my problem.
>
> You can fetch the branch/commit from:
> https://github.com/vtslab/directory-kerby/commits/MitIssue
>
> This is relative to RC2, but I also tried this on trunk for my actual 
> project.
>
> This config produces the debug and error messages below.
>
> 1. For the terminal with the bash + python script $ klist Ticket 
> cache: FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> Default principal: dran...@test.com
>
> Valid starting ExpiresService principal
> 29-04-17 21:07:39  30-04-17 05:07:39  krbtgt/test@test.com
> renew until 29-04-17 21:07:39
>
> $ . 
> kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/
> server/MitIssueTest.sh [15538] 1493491231.917606: Retrieving 
> dran...@test.com from FILE:/etc/krb5/user/1000/client.keytab (vno 0, 
> enctype 0) with result:
> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found [15538] 
> 1493491231.917827: Retrieving dran...@test.com from 
> FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result:
> 2/Key table file '/etc/krb5/user/1000/client.keytab' not found 
> kerberos.authGSSClientInit successful [15538] 1493491231.918185: 
> Getting credentials dran...@test.com -> test-service/localhost@ using 
> ccache FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc
> [15538] 1493491231.918210: Retrieving dran...@test.com -> 
> test-service/localhost@ from 
> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with result:
> -1765328243/Matching credential not found (filename: 
> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc)
> [15538] 1493491231.918226: Retrying dran...@test.com -> 
> test-service/localh...@test.com with result: -1765328243/Matching 
> credential not found (filename:
> kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc)
> [15538] 1493491231.918229: Server has referral realm; starting with 
> test-service/localh...@test.com [15538] 1493491231.918278: Retrieving 
> dran...@test.com -> krbtgt/test@test.com from 
> FILE:kerby-kerb/kerb-kdc-test/target/tmp/test-tkt.cc with result:
> 0/Success
> [15538] 1493491231.918281: Starting with TGT for client realm: 
> dran...@test.com -> krbtgt/test@test.com [15538] 
> 1493491231.918301: Requesting tickets for 
> test-service/localh...@test.com, referrals on [15538] 
> 1493491231.918326: Generated subkey for TGS request:
> aes128-cts/FA30
> [15538] 1493491231.918359: etypes requested in TGS request: 
> aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, 
> rc4-hmac, camellia128-cts, camellia256-cts [15538] 1493491231.918484: 
> Encoding request body and padata into FAST request [15538] 
> 1493491231.918541: Sending request (836 bytes) to TEST.COM [15538] 
> 1493491231.918597: Resolving hostname localhost [15538] 
> 1493491231.918703: Initiating TCP connection to stream
> 127.0.0.1:44292
> [15538] 1493491231.918777: Sending TCP request to stream 
> 127.0.0.1:44292 [15538] 1493491231.922803: TCP error receiving from 
> stream
> 127.0.0.1:44292: 104/Connection reset by peer [15538] 
> 1493491231.922812: Terminating TCP connection to stream
> 127.0.0.1:44292
> [15538] 1493491231.922858: Sending initial UDP request to dgram
> 127.0.0.1:44292
> ('First kerberos.authGSSClientStep not successful', 
> GSSError(('Unspecified GSS failure.  Minor code may provide more 
> information', 851968), ("Cannot contact any KDC for realm 'TEST.COM'",
> -1765328228)))
>
> 2. For the terminal that runs mvn clean test -Dtest=MitIssueTest 
> Running org.apache.kerby.kerberos.kerb.server.MitIssueTest
> 2017-04-29 21:07:39,182 DEBUG [main] backend.AbstractIdentityBackend: 
> initialize called
> 2017-04-29 21:07:39,195 DEBUG [main] backend.AbstractIdentityBackend: 
> getIdentity called, principalName = krbtgt/test@test.com
> 2017-04-29 21:07:39,195 DEBUG [main] backend.AbstractIdentityBackend: 
> getIdentity failed, principalName = krbtgt/test@test.com
> 2017-04-29 21:07:39,212 DEBUG [main] backend.AbstractIdentityBackend: 
> addIdentity successful, principalName = krbtgt/test@test.com
> 2017-04-29 21:07:39,212 DEBUG [main] backend.AbstractIdentityBackend: 
> getIdentity called,