Re: [ApacheDS] programmatically creating a keytab file with multiple principals

Mon, 05 Aug 2013 06:40:45 -0700 

I've looked around in the code and the problem seems to be in the
KeytabEncoder.write()  method:

-----
    ByteBuffer write( byte[] keytabVersion, List<KeytabEntry> entries )
    {
        ByteBuffer buffer = ByteBuffer.allocate( 512 );
        putKeytabVersion( buffer, keytabVersion );
        putKeytabEntries( buffer, entries );
        buffer.flip();

        return buffer;
    }
-----

the buffer is hardcoded to 512 when it should take into account the entry
size.

making the buffer size to be entries.lenght() * 120 fixes the problem to
create the keytab, still have to test such keytab.

though I  don't know if this is the right approach.

thx


On Sun, Aug 4, 2013 at 9:00 PM, Alejandro Abdelnur <[email protected]> wrote:

> Hi,
>
> I'm trying to create a keytab programmatically with multiple principals
> but it is failing on write with the following error:
>
> ------
> java.nio.BufferOverflowException
>  at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:182)
> at
> org.apache.directory.server.kerberos.shared.keytab.KeytabEncoder.putKeytabEntries(KeytabEncoder.java:83)
>  at
> org.apache.directory.server.kerberos.shared.keytab.KeytabEncoder.write(KeytabEncoder.java:48)
> at
> org.apache.directory.server.kerberos.shared.keytab.Keytab.write(Keytab.java:95)
>
> ------
>
> If I create the keytab with a single principal it works just fine
> following is the snippet on the keytab creation.
>
> ------
>   protected void createPrincipal(File keytabFile, String ... principals)
>       throws Exception {
>     Keytab keytab = Keytab.getInstance();
>     List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
>     for (String principal : principals) {
>       createPrincipal(principal, "secret");
>       String orgName= conf.getProperty(ORG_NAME);
>       String orgDomain = conf.getProperty(ORG_DOMAIN);
>       String realm = orgName.toUpperCase() + "." + orgDomain.toUpperCase();
>       principal = principal + "@" + realm;
>       KerberosTime timestamp = new KerberosTime();
>        for (Map.Entry<EncryptionType, EncryptionKey> entry :
> KerberosKeyFactory
>           .getKerberosKeys(principal, "secret").entrySet()) {
>         EncryptionKey ekey = entry.getValue();
>         byte keyVersion = (byte) ekey.getKeyVersion();
>         entries.add(new KeytabEntry(principal, 1L, timestamp, keyVersion,
> ekey));
>       }
>     }
>     keytab.setEntries(entries);
>     keytab.write(keytabFile);
>   }
> ------
>
> I'd appreciate any hint on how to do this or if it is not possible.
>
> Thanks.
>
> Alejandro
>

Reply via email to