to
notificati...@directory.apache.org, if wished we can also send them to
this list.
Kind Regards,
Stefan
[1] https://builds.apache.org/view/A-D/view/Directory/job/dir-kerby/
[2] https://issues.apache.org/jira/browse/BUILDS-86
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
gt; -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Tuesday, October 06, 2015 9:48 PM
> To: Zheng, Kai
> Cc: kerby@directory.apache.org
> Subject: Re: Token PreAuth
>
> Hi Kai,
>
> Thanks for your reply.
>
> Actually the Token
, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.683 sec
> - in
> org.apache.kerby.kerberos.kerb.integration.test.TokenLoginWithTokenPreauthEnabledTest
> Picked up _JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true
>
> Results :
>
> Tests run: 6, Failures: 0, Errors: 0, Skipped: 0
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
> To: kerby@directory.apache.org
> Subject: Re: Kerby SNAPSHOTs
>
> Two builds were aborted, so I increased build timeout from 10 to 30
> minutes.
>
> Kind Regards,
> Stefan
>
> On 11/19/2015 04:55 PM, Colm O hEigeartaigh wrote:
> > No need to ask INFRA, I've upd
The mark of the immature man is that he wants to die nobly for a cause,
> while the mark of the mature man is that he wants to live humbly for one.”
> - Wilhelm Stekel
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Could someone (Emmanuel?) give me administrator privileges for Kerby in
JIRA? I want to release the last two versions, which are still marked as
unreleased.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Hi all,
Do we have a plan or timeline to replace the older Kerberos code in Apache
Directory with Kerby? If not, does it make sense to start discussing it?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
the module will send the token to KDC for a TGT to get a SGT that's to
> be used in a GSS session. We have already the module, please look at
> TokenAuthLoginModule.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
>
data. If you put the token in the
> authorization data, then after decoding it, you could extract token from
> it. I remembered we had defined the AuthzToken type for this actually but
> guess it's not used yet.
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaig
pushed to next release like a
> release after 1.0.0 GA.
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Thursday, June 16, 2016 5:07 PM
> To: kerby@directory.apache.org
> Subject: Re: Admin privileges in
nd token attributes"
Is there an example in the code to look at?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
he KDC on the client side using
> GSS?
> Great question. Here what you need would be a login module using token,
> and the module will send the token to KDC for a TGT to get a SGT that's to
> be used in a GSS session. We have already the module, please look at
> TokenAuthLoginModule.
&
Sure, no rush :-)
Colm.
On Wed, Jun 29, 2016 at 2:48 AM, Zheng, Kai <kai.zh...@intel.com> wrote:
> Hi Colm, I will look at this late of today. Hope it works for you.
>
> -Original Message-----
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Tuesday, J
.
> 37. Enable kinit tool kdc flag options.
> 38. Added the graphics for teh ASN1 hierarchy
> 39. Add some javadocs
>
> In process and plan to do:
>
> 1. Clean up the JIRAs
>
> 2. Update the Github website and the sub-project website
>
> 3. Che
s/asf?p=directory-kerby.git;a=commit;h=688b4aa0ac5b675af127cf8f3c08e742ca7c9659
>
>
>
> Staging repo:
>
> https://repository.apache.org/content/repositories/orgapachedirectory-1077
>
>
>
> Source package:
>
> https://home.apache.org/~seelmann/kerby-1.0.0-RC2/
>
>
>
>
>
> Please cast your votes:
>
> [ ] +1 Release Apache Kerby 1.0.0-RC2
>
> [ ] 0 abstain
>
> [ ] -1 Do not release Apache Kerby 1.0.0-RC2
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
1, Zheng, Kai a écrit :
> > Hi Shawn, it's great we'll be able to have a meet. Yes, the whole next
> week I'll be hanging there.
>
> Ra... I wish I could have gone :/
>
> Enjoy the trip, and have some nice meeting with Shawn and Lucas ! All my
> best to all of you, guys
e can't verify
> the kdc sans, edu and so on. Such as the function
> cryptoRetrieveX509Sans#PkinitCrypto is marked as TODO.
>
>
> Thanks
> Jiajia
>
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Thursday, July 21, 2016
StackTrace();
} catch (Exception e) {
e.printStackTrace();
}
We should either be logging exceptions properly or propagating them
accordingly.
Colm.
On Wed, Jul 27, 2016 at 2:01 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
> +1 for a release.
Adding this data to service tickets would
> mean that the roles only intended for the KDC could now be applied to
> services etc.
>
> It's a good thought. If you'd check the token-preauth draft, it actually
> said a token derivation should be put into ticket, not the token itself. It
> mea
the Certificate to
verify some signed data, to make sure that the KDC knows the private key
associated with the Certificate...
I've updated the code so that the server at least includes the "Identity"
Certificate in the response to the client.
Thanks,
Colm.
--
Colm O hEigeartaigh
Talend
work
> seamlessly!
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, July 08, 2016 5:16 PM
> To: kerby@directory.apache.org
> Subject: Re: JWT pre-authentication - get JWT token on service side
>
&
token was encrypted?
Thanks again,
Colm.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, July 04, 2016 7:52 PM
> To: kerby@directory.apache.org
> Cc: Zheng, Kai <kai.zh...@intel.com>
> Subject:
cCache.store(bout);
> os.close();
>
> // Now validate the ticket using GSS
> validateServiceTicket(bout.toByteArray());
> } catch (Exception e) {
> e.printStackTrace();
> Assert.fail();
> }
&
to Jiajia! After some basic ramp up, Sammi will help with
> her role in my side and try to move on. Thanks for the support.
>
> Regards,
> Kai
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
> correct?
> Is the code actually used in any prod env?
> Thanks a lot.
>
> Jim
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
t; @@ -131,14 +162,6 @@ public class KinitTool {
> ktOptions.add(KinitOption.USER_PASSWD, password);
> }
>
> -KrbClient krbClient = null;
> -try {
> -krbClient = getClient(confDir);
> -} catch (KrbException e) {
> -Syste
service. JRE doesn't provide any API allowing to hook
> logics like this. Not sure if you could make it if you would try the gssapi
> branch.
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Tue
Hi all,
Given a Kerby SgtTicket, is it possible to translate this into a GSS token
somehow? Let's say I want to invoke on a service which uses GSS to validate
the ticket, but obtain the ticket in the first place using Kerby's APIs.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http
ther fixes.
If there are no objections, I'll delete the gssapi branch
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
the
key from the keytab, the patch modified the GssAcceptCred to instead just
get the ticket + takes the key from that. This leads to a decryption error
when processing the ticket.
Could someone take a look and let me know where I am going wrong?
Colm.
--
Colm O hEigeartaigh
Talend Community
ely clean up.
> gss-v2;
> gssapi.
>
> Thanks Wei for the big contribution and look forward to making it work.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, July 21, 2017 11:06 PM
> To: kerb
if you could make sure all your gssapi related codes and tests
>> were made in the trunk, so we can safely clean up.
>> gss-v2;
>> gssapi.
>>
>> Thanks Wei for the big contribution and look forward to making it work.
>>
>> Regards,
>> Kai
>>
erging on Friday, actually I ended up
> merging the gssapi branch to trunk, not gssapi-rebase as I thought. So the
> question is, what is missing for the current gssapi code on trunk before we
> can release it?
>
> Colm.
>
> On Mon, Jul 24, 2017 at 9:19 AM, Colm O hEigeartaigh <c
that does this for a supplied ByteBuffer value. Should this method be
called implicitly by the AdToken code somehow? Or is it up to the client
code to call decode on KrbToken?
Colm.
>
> Thanks
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei
...
>
> I think the AD token type is a new type which undefined in
> spec(RFC4120->7.5.4. Authorization Data Types), I think this new type name
> is ok.
>
> Thanks
> Jiajia
>
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
&
t;
> Yes, set the AuthToken as the parameter of getIdentityAuthorizationData is
> a good choice.
>
> Thanks
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Tuesday, July 4, 2017 4:03 PM
> To: kerby@directory.apache.org
> Subject:
ly by
> >the AdToken code somehow? Or is it up to the client code to call decode
> on KrbToken?
>
> I'm not very sure, I think it's up to the client code to call to decode
> the KrbToken.
>
> Thanks
> Jiajia
>
>
> -Original Message-
> From: Colm O hEigeart
>
> It's a good idea.
>
> Thanks
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Tuesday, July 4, 2017 9:54 PM
> To: kerby@directory.apache.org
> Subject: Re: Kerby JWT support
>
> The problem with this is t
ee what the
authorization data of the ticket is on the client side, so that I can test
that it was inserted correctly?
Colm.
>
> Thanks
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, June 19, 2017 8:24
? There are a few issues I need to clarify there to finish
with the "identity" token use-case.
Colm.
On Wed, Jul 5, 2017 at 12:36 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
> Ok this is done, please take a look and let me know what you think.
>
> Colm.
>
> On W
.0.0-RC2, we have added
> lots of new features and bug fixes.
> And this release will include some blocking issues for Hadoop and 1.0.0 GA
> will impact the next Hadoop release version 3.0.0-alpha1.
>
> Regards,
> Jiajia
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Is it merged to
> master or if not is there a plan to do so?
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
-1130/org/apache/kerby/kerby-all/1.0.0/
Git tag:
https://git-wip-us.apache.org/repos/asf?p=directory-kerby.git;a=commit;h=b0e8f9da3cdb494c82d62c956ee35a53a52ac0ce
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Hi all,
What is the current status of the kadmin-remote branch? Is it merged to
master or if not is there a plan to do so?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
sage-
> From: Emmanuel Lécharny [mailto:elecha...@gmail.com]
> Sent: Tuesday, May 09, 2017 7:17 AM
> To: kerby@directory.apache.org
> Subject: Re: Questions about the release
>
>
>
> Le 08/05/2017 à 21:40, Colm O hEigeartaigh a écrit :
> > I don't th
r. For now less change much better.
>
> Thanks again.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Tuesday, May 09, 2017 4:52 PM
> To: kerby@directory.apache.org
> Subject: Re: Questions about the r
dle Netty + SLF4J in "kdc-dist" and only SLF4J in the tool-dist,
so I think we are covered.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
On Tue, May 9, 2017 at 11:04 AM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 09/05/2017 à 11
to other channels.
>
>
> That being said, you should also start thinking about moving Kerby to a
> TLP, now that 1.0 is out. Please consider doing so while discussing with
> press@a.o, so that both moves are done at the same time, in order to
> have more spotlights on the project.
>
/directory-kerby.git
Github site: https://github.com/apache/directory-kerby
Umbrella JIRA: https://issues.apache.org/jira/browse/DIRKRB-102
Thanks to everyone who contributed to the release!
Best Regards,
The Apache Directory Team
--
Colm O hEigeartaigh
Talend Community Coder
http
Thanks!
Colm.
On Tue, May 16, 2017 at 2:52 PM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 16/05/2017 à 15:42, Colm O hEigeartaigh a écrit :
> > Thanks, I guess it takes +24 hours as I made some changes yesterday
> morning
> > that still haven't appeare
Is it possible to push the staging site manually? I'm still waiting to see
the updates I made propagate through...
Colm.
On Tue, May 16, 2017 at 3:03 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
> Thanks!
>
> Colm.
>
> On Tue, May 16, 2017 at 2:52 PM, Emma
uel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 17/05/2017 à 10:32, Colm O hEigeartaigh a écrit :
> > Is it possible to push the staging site manually? I'm still waiting to
> see
> > the updates I made propagate through...
>
> What commit don't you see on the s
Yes, looks good thanks!
Colm.
On Wed, May 17, 2017 at 11:00 AM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
> That should be OK now. Can you check ?
>
>
> Le 17/05/2017 à 11:40, Colm O hEigeartaigh a écrit :
> > No the staging site is fine - the problem is that
;>
>> Run kadmin, kinit, klist successfully.
>>
>>
>>
>> non-binding +1 from me.
>>
>>
>>
>> Regards,
>>
>> Frank
>>
>>
>>
>> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org
>>
Thanks Emmanuel...where is the staging site?
Colm.
On Tue, May 16, 2017 at 1:12 PM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 16/05/2017 à 11:44, Colm O hEigeartaigh a écrit :
> > Yes, the release is done and available in Maven central + the dist. The
> >
ck so far? Thanks!
>
> Sent from iPhone
>
> > 在 2017年5月13日,下午9:54,Colm O hEigeartaigh <cohei...@apache.org> 写道:
> >
> > With all +1 votes, this vote passes. I'll do the release.
> >
> > Colm.
> >
> > On Fri, May 12, 2017 at 12:54 PM,
Colm.
On Tue, May 9, 2017 at 12:46 PM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 09/05/2017 à 12:24, Colm O hEigeartaigh a écrit :
> > Thanks Emmanuel. The user would have to add zookeeper/nimbus in the poms
> > before generating the distribution to a
> modified portion" portions from the NOTICE file, but not "This product
> optionally depends on" from here:
>
> https://github.com/netty/netty/blob/4.1/NOTICE.txt
>
> ? As well as any of the licenses that are referred.
>
> Colm.
>
> On Tue, May 9, 2017 a
ay 9, 2017 at 2:37 PM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 09/05/2017 à 14:23, Colm O hEigeartaigh a écrit :
> > Hi Kai,
> >
> > What matters is what jars we are including in the "lib". Any changes
> Netty
> > made to th
Great thanks! I will re-spin the release.
Colm.
On Tue, May 9, 2017 at 4:01 PM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:
>
>
> Le 09/05/2017 à 16:54, Colm O hEigeartaigh a écrit :
> > OK I have added all of the parts from the Netty NOTICE that were
> "modifi
.
c) Is there a way to differentiate between anonymous + authenticated PKINIT
in the KDC configuration? What if you don't want to allow the anonymous
case?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
kin...@apache.org>
wrote:
>
> > On May 16, 2017, at 4:44 AM, Colm O hEigeartaigh <cohei...@apache.org>
> wrote:
> >
> > Yes, the release is done and available in Maven central + the dist. The
> website isn't updated yetis there anything I need to do to
5: Response was not from master KDC
> [1590761] 1496516355.25127: Decoding FAST response
> [1590761] 1496516355.25198: FAST reply key: aes256-cts/03AB
> [1590761] 1496516355.25234: TGS reply is for u...@example.com -> krbtgt/
> example@example.com with session key aes256-cts/A423
> [1590761] 1496516355.25246: Got cred; 0/Success
> [1590761] 1496516355.25315: Creating authenticator for u...@example.com ->
> myservice/kdc.example@example.com, seqnum 751690771, subkey
> aes256-cts/91D0, session key aes256-cts/126E
>
>
>
> My best guess is that maybe I'm missing some configuration steps in my Java
> code and that's causing the FAST request to fail. I couldn't find any code
> examples for kerby anywhere which can help me with my use case. Does anyone
> have any ideas about the above?
>
> Apologies again for the long email, just wanted to share my trials so far.
> Have a nice weekend.
>
> Cheers,
> Pratyush
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
ustify a new minor release.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, June 19, 2017 4:45 PM
> To: kerby@directory.apache.org
> Subject: Re: MIT Kerberos compatibility
>
> Yes, it wor
y to check that it's actually getting inserted
properly?
Thoughts? Am I missing anything else?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
nd as a comment below:
> >>
> >> https://issues.apache.org/jira/browse/DIRKRB-614
> >>
> >> Cheers, Marc
> >>
> >>
> >> Kai wrote:
> >>
> >> It seems so and we need to fix it. However, I don't see any
ar:1.52:compile
> > [INFO] | \- commons-io:commons-io:jar:2.4:compile
> > [INFO] +- junit:junit:jar:4.12:test
> > [INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test
> > [INFO] \- org.assertj:assertj-core:jar:2.6.0:test
> > [INFO]
> >
> > [INFO] BUILD SUCCESS
> > [INFO]
> >
> > [INFO] Total time: 1.527 s
> > [INFO] Finished at: 2017-05-08T06:14:52+02:00 [INFO] Final Memory:
> > 15M/247M [INFO]
> >
> >
> >
> > As we can see, nimbus-jose-jwt has itself some dependencies that requires
> > some N (potentially, that has to be checked) :
> > jcip-annotations, json-smart and bcprov-jdk15on. If nimbus-jose-jwt has
> > done its job properly, its N files should already contain the required
> > bits, but we must check.
> >
> >
> > This tas has to be ran on all the modules that have noapache and
> non-tests
> > dependencies...
> >
> >
> > --
> > Emmanuel Lecharny
> >
> > Symas.com
> > directory.apache.org
> >
> > --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
s again and made
> improvements. Would you check it out? Thanks!
>
> Sent from iPhone
>
> > 在 2017年5月6日,上午6:28,Zheng, Kai <kai.zh...@intel.com> 写道:
> >
> > Thanks colm for the clarification and it sounds an issue we need to
> address. I will investigate it s
nd
> improve the default transport. We probably shouldn't introduce more changes
> to get the release out. Note please prefer to use the TCP transport over
> the UDP one, in today's world.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:
; the new failures? Any difference between the failed GSS tests and the Kerby
> GSS tests?
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, May 08, 2017 5:42 PM
> To: Zheng, Kai <kai.zh...@intel
d to vote before we have release
> artifacts or after that? Hope we can make it soon and won't block the
> Hadoop 3.0 Alpha3 releasing.
>
> Regards,
> Kai
>
> -Original Message-----
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, May 05, 2
OK will do.
Colm.
On Fri, May 5, 2017 at 12:55 PM, Zheng, Kai <kai.zh...@intel.com> wrote:
> Thanks for the catch, Colm. It looks like a mess and we should bring those
> backends back.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartai
OK, I've merged a bunch of fixes and I'm now done for the 1.0.0-GA release.
I see there are still a few open JIRAs. When do you anticipate calling the
vote?
Colm.
On Wed, May 3, 2017 at 1:01 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
> There are a lot of open issues (incl
Hi Jiajia,
Is there a reason why the following modules are commented out?
commit 6560e6d98b3f642b628a0e50e58a917f6da7d8bf
Author: plusplusjiajia <jiajia...@intel.com>
Date: Wed Apr 19 15:03:26 2017 +0800
Skip ldap, mavibot and zookeeper backends build.
Colm.
--
Colm O hEigea
.
> We don't use Netty in default.
> What's your test-cases? The same as the Marc's?
>
> Thanks
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, May 5, 2017 10:09 PM
> To: kerby@directory.apache.org
>
ort(disable udp),
> both got ticket successfully. But I don't get the error message. Both
> krb.conf and kdc.conf should set udp to be false, udp is enabled in default.
>
> Thanks
> Jiajia
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.or
That's probably it. Why does the default transport not support UDP in Kerby?
Colm.
On Fri, May 5, 2017 at 4:54 PM, Li, Jiajia <jiajia...@intel.com> wrote:
> Are you sure add kdc_allow_udp = false in kdc.conf?
>
> Thanks
> Jiajia
>
> -Original Message-
>
dler.java:46)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> >> at java.lang.Thread.run(Thread.java:748)
> >> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1]
> >> backend.AbstractIdentityBackend: getIdentity called, principalName =
> >> krbtgt/test@test.com
> >> 2017-04-29 21:07:55,602 DEBUG [pool-1-thread-1]
> >> backend.AbstractIdentityBackend: getIdentity successful,
> >> principalName = krbtgt/test@test.com
> >> 2017-04-29 21:07:55,602 INFO [pool-1-thread-1] request.KdcRequest:
> >> Found fast padata and start to process it.
> >> 2017-04-29 21:07:55,603 ERROR [pool-1-thread-1]
> >> impl.DefaultKdcHandler: Error occured while processing request:
> >> org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
> >> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.
> java:85)
> >> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.
> java:70)
> >> at
> >> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(
> KdcRequest.java:208)
> >> at
> >> org.apache.kerby.kerberos.kerb.server.request.
> KdcRequest.process(KdcRequest.java:168)
> >> at
> >> org.apache.kerby.kerberos.kerb.server.KdcHandler.
> handleMessage(KdcHandler.java:115)
> >> at
> >> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.
> handleMessage(DefaultKdcHandler.java:67)
> >> at
> >> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(
> DefaultKdcHandler.java:52)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> >> at java.lang.Thread.run(Thread.java:748)
> >> Caused by: java.io.IOException: Unexpected item context [0]
> >> [tag=0xA0, off=0, len=3+207], expecting 0x30
> >> at
> >> org.apache.kerby.asn1.type.Asn1Encodeable.decode(
> Asn1Encodeable.java:210)
> >> at
> >> org.apache.kerby.asn1.type.Asn1Encodeable.decode(
> Asn1Encodeable.java:197)
> >> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.
> java:83)
> >> ... 9 more
> >> 2017-04-29 21:07:55,604 DEBUG [pool-1-thread-1]
> >> impl.DefaultKdcHandler: Transport or decoding error occurred,
> >> disconnecting abnormally
> >> java.net.SocketException: Socket closed
> >> at java.net.SocketInputStream.socketRead0(Native Method)
> >> at java.net.SocketInputStream.socketRead(SocketInputStream.
> java:116)
> >> at java.net.SocketInputStream.read(SocketInputStream.java:171)
> >> at java.net.SocketInputStream.read(SocketInputStream.java:141)
> >> at java.net.SocketInputStream.read(SocketInputStream.java:224)
> >> at java.io.DataInputStream.readInt(DataInputStream.java:387)
> >> at
> >> org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.
> receiveMessage(KrbTcpTransport.java:54)
> >> at
> >> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(
> DefaultKdcHandler.java:46)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> >> at java.lang.Thread.run(Thread.java:748)
> >>
> >> In a FreeIPA environment these python lines "just" work.
> >>
> >> Any suggestions are welcome!
> >>
> >> Marc
> >>
> >>
> > --
> > Marc de Lignie
> >
>
> --
> Marc de Lignie
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
/12332775
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
default, which should be okay,
> imo. Thanks.
>
> Sent from iPhone
>
> > 在 2017年5月6日,上午12:02,Colm O hEigeartaigh <cohei...@apache.org> 写道:
> >
> > That's probably it. Why does the default transport not support UDP in
> Kerby?
> >
> > Colm.
> &
t; >>
> >> Le 08/05/2017 à 11:26, Colm O hEigeartaigh a écrit :
> >>> Hi Emmanuel,
> >>>
> >>> Is there a wiki page or something that you are aware of at Apache that
> >>> clearly lays out what the obligations of projects are fo
I don't think we need the Mockito notice as it's a test dependency, right?
Colm.
On Mon, May 8, 2017 at 3:02 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
> Actually, scratch that, it's fine to have the NOTICE file with the
> dependency information in the source as we
ease work?
> 1.0.0 GA will used in the next Hadoop release version 3.0.0-alpha3(May
> 15), so we should finish the release before it.
>
> Thanks
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Thursday, May 4, 2017 7:33 PM
&g
Any thoughts on what the release version should be? We're using 1.0.0-GA in
JIRA, but I'm thinking just "1.0.0" for the poms.
Colm.
On Thu, May 4, 2017 at 3:20 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
> Yes, I will take care of the release today.
>
> Colm
gt; The blog looks pretty informative. I thought we should list or mention it
> somewhere in our Directory/Kerby projects.
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, September 11, 2017 7:30 PM
&
Now that I've finished the JWT access token work, it'd be nice to finish
the Anonymous PKINIT side of things to get the Identity token part of it to
work. Please review my questions below.
Colm.
On Tue, Jun 20, 2017 at 12:39 PM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:
&g
/
In particular, the source artifacts:
https://repository.apache.org/content/repositories/orgapachedirectory-1146/org/apache/kerby/kerby-all/1.0.1/
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
el.com> wrote:
> Thanks Colm for the take. I'll try to bring up the context in my mind and
> give you some comments later.
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, September 08, 201
Where we can get notified by the announcement? Before I can receive such
> announcement messages, but now I don't, not sure what's wrong.
>
> -kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, September 13, 2017 4:41
release before or after
> the upcoming 3.0 BETA 1, so that's why I asked.
>
> Any contributor would love to take this? Thanks!
>
> -kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, September 13, 2017 7:13 PM
> T
merging PRs a lot
easier.
IMO we should also migrate...any thoughts?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
IRKRB-614<
> https://issues.apache.org/jira/browse/DIRKRB-614>, DIRKRB-631<
> https://issues.apache.org/jira/browse/DIRKRB-631>;
> > Fix the network related issue: DIRKRB-629<https://issues.
> apache.org/jira/browse/DIRKRB-629>;
> > And with some improvements
for 1.0.x
> * Change Jenkins job and source/target level in pom.xml to Java 8
>
> Your call :)
>
> Kind Regards,
> Stefan
>
> [1] https://builds.apache.org/view/A-D/view/Directory/job/dir-kerby/
> [2] https://builds.apache.org/view/A-D/view/Directory/job/
> dir-kerby
e, N checked : all is good
>
>
> +1 !
>
>
> Le 30/08/2017 à 12:30, Colm O hEigeartaigh a écrit :
> > This is a vote to release Apache Kerby 1.0.1.
> >
> > Issues fixed:
> >
> > https://issues.apache.org/jira/projects/DIRKRB/versions/12340574
> >
&
environments
such as cloud, Hadoop and mobile.
This is a new major release of Apache Kerby, which implements cross-realm
support, and also includes a GSSAPI module.
http://directory.apache.org/kerby/
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
successful, could continue the others steps, such as:
> getting SGT ticket.
>
> We replace the step through "kinit" to get Kerberos Ticket. There are two
> important benefits:
> 1. The user's principal may not be in the backend, security admins won't
> have to migrate
mart,
which is Apache licensed:
https://github.com/netplex/json-smart-v2/blob/master/LICENSE
Colm.
> Le 21/11/2017 à 12:29, Colm O hEigeartaigh a écrit :
> > This is a vote to release Apache Kerby 1.1.0. This is a new major release
> > of Apache Kerby, which implements cr
tokens etc, where you can "plug in" the tokens
that are supported. It might be worth exploring if the functionality of HAS
could be integrated with the CXF STS.
Colm.
> Thanks,
> Jiajia
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
t; > HAS provides a complete Hadoop/Spark authentication framework and
> solution based on Kerberos, HAS can help to upgrade Kerby KDC, make it more
> solid and stronger. And if HAS can be merged to Apache Kerby, community
> will help HAS grow faster and users can more easily using this solution in
> their own production. We have two suggestions about how to merge:
> > - Option1:
> > Create a standalone module "kerby-has", putting HAS project under this
> module.
> > - Option2:
> > Suggest replacing kerby-kdc module with HAS, upgrade the Kerby KDC.
> >
> > Contributors:
> > Jiajia, Li (Intel)
> > Lin, Zeng (Intel)
> > Zhiqiang, Zhang (Intel)
> > Kai, Zheng (Intel)
> > Wei, Wu (Alibaba)
> > Jun, Song (Alibaba)
> > Long, Cao (Alibaba)
> > Zhenyuan, Wei (Alibaba)
> >
> > Your review efforts are truly appreciated, please feel free to provide
> us your feedback.
> >
> > Regards,
> > Jiajia
> >
> >
> >
> >
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
rby-kdc module with HAS, upgrade the Kerby KDC.
>
> Contributors:
> Jiajia, Li (Intel)
> Lin, Zeng (Intel)
> Zhiqiang, Zhang (Intel)
> Kai, Zheng (Intel)
> Wei, Wu (Alibaba)
> Jun, Song (Alibaba)
> Long, Cao (Alibaba)
> Zhenyuan, Wei (Alibaba)
>
> Your review efforts are truly appreciated, please feel free to provide us
> your feedback.
>
> Regards,
> Jiajia
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
1 - 100 of 158 matches
Mail list logo
