Hello

Yes it does. I put in another IP (or remove the entry altogether), then ApacheDS seems to search for leosservice/127.0.0.1/[email protected] - the IP seems to be ignored. Also, if I use another hostname than localhost the same happens, it always adds /example.com to the search (e.g. leosservice/myhostname/[email protected]). When I change the krb5PrincipalName to whatever it searches it works fine again. By the way, I'm running on Windows standalone, no DNS setup.

Regards, Leo

> Date: Wed, 23 Dec 2009 00:23:11 +0100
> From: [email protected]
> To: [email protected]
> Subject: Re: [ApacheDS] Slash domain name inserted when searching for service principal in 1.5.5?
>
> Leonardo Graf wrote:
> > Hello
> >
>
> Hi,
>
> can you check that the localhost entry in /etc/hosts does not refer to
> the loopback address (127.0.0.1)? If so, can you add your server IP
> instead?
>
> > I'm getting a service ticket from the directory server with this code:
> >
> > GSSManager manager = GSSManager.getInstance();
> > final Oid kerberos = new Oid("1.2.840.113554.1.2.2");
> > GSSName serverName = manager.createName("leosservice/[email protected]",
> >         GSSName.NT_HOSTBASED_SERVICE);
> > final GSSContext context = manager.createContext( serverName,
> >         kerberos, null,
> >         GSSContext.DEFAULT_LIFETIME);
> >
> > Subject.doAs(loginContext.getSubject(), new
> > PrivilegedExceptionAction<byte[]>() {
> >
> >     public GSSContext run() throws Exception {
> >         byte[] token = new byte[0];
> >         // This is a one pass context initialisation.
> >         context.requestMutualAuth( false);
> >         context.requestCredDeleg( false);
> >         byte[] serviceTicket = context.initSecContext( token, 0, token.length);
> >
> >         ...
> >
> > This works nicely, but only if I set the krb5PrincipalName attribute to:
> > leosservice/localhost/[email protected]
> >
> > If I set it to (without the domain name in between):
> > leosservice/[email protected] as I would expect to be correct, the
> > server complains with the following error:
> >
> > [22:46:36] WARN [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - No server entry found for kerberos principal name leosservice/localhost/[email protected]
> > [22:46:36] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Server not found in Kerberos database (7)
> > org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Server not found in Kerberos database
> >     at org.apache.directory.server.kerberos.shared.KerberosUtils.getEntry(KerberosUtils.java:315)
> >     at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.getRequestPrincipalEntry(TicketGrantingService.java:310)
> >     at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:103)
> >     at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
> >     at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
> >     at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
> >     at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
> >     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
> >     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
> >     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
> >     at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
> >     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> >     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> >     at java.lang.Thread.run(Unknown Source)
> > Caused by: java.lang.NullPointerException
> >     at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.getEntry(GetPrincipal.java:97)
> >     at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.execute(GetPrincipal.java:81)
> >     at org.apache.directory.server.kerberos.shared.store.SingleBaseSearch.getPrincipal(SingleBaseSearch.java:63)
> >     at org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:71)
> >     at org.apache.directory.server.kerberos.shared.KerberosUtils.getEntry(KerberosUtils.java:311)
> >     ... 23 more
> >
> > Is this expected behaviour or am I doing something wrong?
> >
> > Regards, Leo
