Thanks Emmanuel and Colm! Could you lend us a hand on this? Sure if your
bandwidth allows. We're much dummy in such things and seem to have no
confidence to get it right. :(
For the long term, I would suggest we reorganize Kerby into two projects:
kerby-kerb for the Kerberos core and library; k
I’m not sure about this and wonder if it may not work. But I have no idea for now
how to extract the TGT correctly.
encKdcRepPart = new EncAsRepPart();
encKdcRepPart.setAuthTime(cred.getAuthTime());
encKdcRepPart.setCaddr(cred.getClientAddresses());
encKdcRepPart.setEndTime(cred.getEndTime());
encKdc
Hi all
I can now retrieve the Tgt from the creds-cache, and request a Sgt. However
I am now bouncing between 2 errors. "ERR BAD OPTION" and "ERR GENERIC".
If I create the Tgt with the clientPrincipal, the request is rejected by
the KDC with "ERR BAD OPTION".
Examining the request with Wireshark
On 08/05/2017 at 21:40, Colm O hEigeartaigh wrote:
> I don't think we need the Mockito notice as it's a test dependency, right?
right.
--
Emmanuel Lecharny
Symas.com
directory.apache.org
I don't think we need the Mockito notice as it's a test dependency, right?
Colm.
On Mon, May 8, 2017 at 3:02 PM, Colm O hEigeartaigh
wrote:
> Actually, scratch that, it's fine to have the NOTICE file with the
> dependency information in the source as well.
>
> Colm.
>
> On Mon, May 8, 2017 at 2
Hi Chris, Jiajia, Kai,
Thanks for your additional suggestions. In the meantime I can confirm
my test working on a CentOS 6.x system, see logs below, that is with MIT
Kerberos installed and the MitIssueTest.
So, there must be something strange on my Ubuntu Xenial + Mate system
(maybe somethi
Hi Kai
With the following code I can successfully retrieve a TGT from my existing
credential cache and use it to request a service ticket!
Unfortunately the Service Ticket Request is currently failing with "KDC
cannot accommodate requested option".
private TgtTicket retrieveCachedTicket(File
Actually, scratch that, it's fine to have the NOTICE file with the
dependency information in the source as well.
Colm.
On Mon, May 8, 2017 at 2:50 PM, Colm O hEigeartaigh
wrote:
> Thanks Emmanuel! So if I understand correctly, the changes that were made
> to the NOTICE file in Kerby are incorre
Thanks Emmanuel! So if I understand correctly, the changes that were made
to the NOTICE file in Kerby are incorrect:
https://github.com/apache/directory-kerby/blob/trunk/NOTICE
Instead, the NOTICE file should just have the standard Apache bit. However,
we need to update the distribution source co
On 08/05/2017 at 14:44, Stefan Seelmann wrote:
> On 05/08/2017 01:23 PM, Emmanuel Lécharny wrote:
>>
>> On 08/05/2017 at 11:26, Colm O hEigeartaigh wrote:
>>> Hi Emmanuel,
>>>
>>> Is there a wiki page or something that you are aware of at Apache that
>>> clearly lays out what the obligations
Hi Kai
So far I have been able to knock this together, as a proof of concept.
Getting the EncAsRepPart required for the TGT will take a little more
effort, and I will need handling to cover the case where there are multiple
tickets in the cache (e.g. there is already an SGT cached).
Cheers
Chr
On 05/08/2017 01:23 PM, Emmanuel Lécharny wrote:
>
>
> On 08/05/2017 at 11:26, Colm O hEigeartaigh wrote:
>> Hi Emmanuel,
>>
>> Is there a wiki page or something that you are aware of at Apache that
>> clearly lays out what the obligations of projects are for licenses + notice
>> files for thir
Got your point. Please read the credential cache utility code and see if any API
does so.
Sent from iPhone
On May 8, 2017, at 8:13 PM, Christopher Lamb
<christopher.l...@ch.ibm.com> wrote:
Hi Kai
Browsing further through the kerby code, I think I need the opposite of
KrbClientBase.storeTicket(): f
It's a very good reading and I learned a lot. Thanks!!!
Sent from iPhone
> On May 8, 2017, at 7:23 PM, Emmanuel Lécharny wrote:
>
>
>
>> On 08/05/2017 at 11:26, Colm O hEigeartaigh wrote:
>> Hi Emmanuel,
>>
>> Is there a wiki page or something that you are aware of at Apache that
>> clearly lays out w
Hi Kai
Browsing further through the kerby code, I think I need the opposite of
KrbClientBase.storeTicket(): for instance a " Public TgtTicket
retrieveCachedTicket(File ccacheFile)"
Let me see if I can knock something together based on storeTicket()
Cheers
Chris
From: "Zheng, Kai"
To:
On 08/05/2017 at 11:26, Colm O hEigeartaigh wrote:
> Hi Emmanuel,
>
> Is there a wiki page or something that you are aware of at Apache that
> clearly lays out what the obligations of projects are for licenses + notice
> files for third party dependencies? It's something I've yet to clearly wra
Hi Marc
On the topic of python and kerberos, have you tried python gssapi?
The code snippet below works for me against a FreeIPA client, KDC and
Service Principal, whereas the equivalent Java GSS-API does not (yet),
which made me look at kerb-client
#!/usr/bin/python3.5
import gssapi
from i
If I remember correctly, it first generates a cache with a TGT, then does the
login test with the ticket cache. In your case, you would need to know where
the cache file is and point the Kerby client to it, as the test did.
Regards,
Kai
From: Christopher Lamb [mailto:christopher.l...@ch.ibm.com]
Sent
Hi Kai
Thanks, example code is always best.
TicketCacheLoginTest looks like part of the answer, especially the
storeTicket() function. However (unless I have completely misread the
test-case), the TGT is not retrieved from the cache, it is only stored
there.
In my Single-Sign-On case, the user a
Hi Marc,
Thanks for your patience. It looks to me there is some issue in Kerby with
Heimdal compatibility. Note we haven't supported Heimdal yet. So far, Kerby is
tested and can support these clients:
1. Oracle Java;
2. Kerby client;
3. MIT client.
Both compatibility tests with MS AD and Heimda
Hi Chris,
Both dev list should be OK as Kerby folks are also in the parent one.
I haven't read your details fully (will do it later), but would make sure if
you have already checked out the test of TicketCacheLoginTest in the kerby code
base. In one word, Kerby client surely can consume and use
Thanks Colm for the confirm!
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Monday, May 08, 2017 6:36 PM
To: Zheng, Kai
Cc: kerby@directory.apache.org
Subject: Re: MIT Kerberos compatibility
Hi Kai,
No I think it wasn't caused by recent changes. It's fine to target it
Hi Kai,
No I think it wasn't caused by recent changes. It's fine to target it for
the next release. I will call another vote for 1.0.0 as soon as we get the
go ahead from Emmanuel.
Colm.
On Mon, May 8, 2017 at 11:32 AM, Zheng, Kai wrote:
> Hi Colm,
>
> Are you aware it's caused by any recent c
Hi Colm,
Are you aware it's caused by any recent changes? It looks to me not. How severe
is it? It appears in some case in the WSS4J tests. We have work around, using
the Netty one. I'd suggest we target it for next minor release, like 1.1.0 or
1.0.1 so we have enough bandwidth to investigate an
OK I have created a JIRA and attached a patch that you have to apply to the
Apache WSS4J project to reproduce the error. If you uncomment the line that
uses Netty then the tests all work perfectly. The tests appear to work fine
when run in isolation, it's only when you run a few of them after one
a
Hi Colm,
Sure, please do it. Could you review my change and see how it would cause the
new failures? Any difference between the failed GSS tests and the Kerby GSS
tests?
Regards,
Kai
-Original Message-
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Monday, May 08, 2017 5
Hi Kai,
Your changes fixed the error message I was seeing. However, I now see
another problem when I run a few GSS client tests in a row:
>>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=localhost UDP:42665, timeout=3, n
Hi Emmanuel,
Is there a wiki page or something that you are aware of at Apache that
clearly lays out what the obligations of projects are for licenses + notice
files for third party dependencies? It's something I've yet to clearly wrap
my head around.
Colm.
On Mon, May 8, 2017 at 10:22 AM, Emman
As soon as I'll be back home!
On Mon, May 8, 2017 at 09:27, Li, Jiajia wrote:
> I've added the slf4j N&L, mockito N&L, netty's NOTICE, hamcrest N&L,
> bouncycastle N&L (used by netty, but not included in its N&L),
> Jline N&L (used by zookeeper, but not included in its N&L)
> You can find out
Hi all
I hope this is the appropriate mailing list for this type of question. Or
would it be better on the Directory Developers’ list?
I am considering using Kerby kerb-client as an alternative to Java GSS-API
for a Java client application in a Kerberos single sign on environment.
In my proof o
I've added the slf4j N&L, mockito N&L, netty's NOTICE, hamcrest N&L,
bouncycastle N&L (used by netty, but not included in its N&L),
Jline N&L (used by zookeeper, but not included in its N&L)
You can find out the NOTICE at NOTICE file, the licenses in LICENSE file and
license/ folder.
I also chec