I modified the KerberosProtocolHandler to test if the "codec" filter was
previously added to the filter chain:
    public void sessionCreated( IoSession session ) throws Exception
    {
        if ( log.isDebugEnabled() )
        {
            log.debug( "{} CREATED: {}", session.getRemoteAddress(),
                session.getTransportMetadata() );
        }

        if ( session.getTransportMetadata().isConnectionless() )
        {
            if ( session.getFilterChain().get( "codec" ) == null )
                session.getFilterChain().addFirst( "codec",
                    new ProtocolCodecFilter(
                        KerberosUdpProtocolCodecFactory.getInstance() ) );
        }
        else
        {
            if ( session.getFilterChain().get( "codec" ) == null )
                session.getFilterChain().addFirst( "codec",
                    new ProtocolCodecFilter(
                        KerberosTcpProtocolCodecFactory.getInstance() ) );
        }
    }
Now I get a new error:
[16:03:34] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Client not found in Kerberos database (6)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Client not found in Kerberos database
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:747)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getClientEntry(AuthenticationService.java:152)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:103)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:156)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:722)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:802)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:392)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:228)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:802)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:120)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:417)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:388)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:57)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:341)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:65)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.directory.shared.ldap.NotImplementedException: N O T I M P L E M E N T E D Y E T !
    at org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:95)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:743)
    ... 23 more
Does this mean that the Kerberos server in 1.5.5-SNAPSHOT is not
presently implemented? Am I out of luck at this point?
Thanks, David
David R Robison wrote:
I'm also getting this error:
java.lang.ClassCastException: org.apache.mina.core.buffer.SimpleBufferAllocator$SimpleBuffer cannot be cast to org.apache.directory.server.kerberos.shared.messages.KdcRequest
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:140)
Any thoughts? David
David R Robison wrote:
I'm now getting a new error:
java.lang.IllegalArgumentException: Other filter is using the same
name 'codec'
It looks like both the KdcServer and KerberosProtocolHandler classes
define that codec. Should it only be done in one place?
David
David R Robison wrote:
Well, I finally got the kdcServer to start up; I'm proceeding with
testing against it. The problem was that the kdcServer element in
the server.xml file needed id="kdcServer"
David
David R Robison wrote:
I have. I also tried to give the kdcServer an Id and reference it
in the apacheDS element:

    <kdcServer id="kdcServer">
      <tcpTransport>
        <tcpTransport port="88" nbThreads="4" backLog="50"/>
      </tcpTransport>
      <udpTransport>
        <udpTransport port="88" nbThreads="4" backLog="50"/>
      </udpTransport>
      <directoryService>#directoryService</directoryService>
    </kdcServer>
    ...
    <apacheDS id="apacheDS"
              synchPeriodMillis="15000"
              allowAnonymousAccess="false">
      <directoryService>#directoryService</directoryService>
      <ldapService>#ldapService</ldapService>
      <ldapsService>#ldapsService</ldapsService>
      <kdcServer>#kdcServer</kdcServer>
      <!-- We load the orci root context entry here -->
      <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
    </apacheDS>

but then it complains that the kdcServer is not a valid property of
the apacheDS element. My guess is that the kdcServer needs to be
referenced somewhere else, but I'm not sure where. David
Emmanuel Lecharny wrote:
On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
<[email protected]> wrote:
I copied the following files to the lib directory of the DS install and
restarted the server.
bcprov-ext-jdk16-141.jar
bcprov-jdk16-141.jar
Things seem to run OK, but the Kerberos server still does not seem to want
to start up. Here is the log.
Have you uncommented the Kerberos part in the server.xml file?
<!--
+============================================================+
| Kerberos server configuration |
+============================================================+
-->
<!-- missing atou=users,dc=example,dc=com
<--------------------- here, remove the starting comment
<kdcServer>
  <tcpTransport>
    <tcpTransport port="60088" nbThreads="4" backLog="50"/>
  </tcpTransport>
  <udpTransport>
    <udpTransport port="60088" nbThreads="4" backLog="50"/>
  </udpTransport>
  <directoryService>#directoryService</directoryService>
</kdcServer>
-->
I must tell you that the Kerberos server is really in a hazardous
state, atm. It _may_ work, but there is no guarantee :/
--
David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: [email protected]
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579