On Thu, Apr 10, 2014 at 6:37 PM, Josh Clum <joshc...@gmail.com> wrote:
> Added "EXAMPLE.COM localhost" to /etc/hosts so now i can ping EXAMPLE.COM,
> but still no luck.
>
> I did notice that when i call kdcServer.isStarted() in my test, that it
> will always return false. It seems that the method that kdcServer.start();
> is not correctly setting the started flag. I tried manually kdcServer.stop();
> then kdcServer.start(); as another check.
>
I doubt that, which version of the server are you using?
>
> Is there any way to connect to the kdc other than just trying to kinit?
> Any other thoughts?
>
> you can use KdcConnection present in kerberos-client module to test
>
> On Thu, Apr 10, 2014 at 4:57 AM, Kiran Ayyagari <kayyag...@apache.org>wrote:
>
>>
>>
>>
>> On Thu, Apr 10, 2014 at 1:14 AM, Josh Clum <joshc...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm trying to set up an IT for one of my classes that inherits from
>>> using the AbstractKerberosITest inside of apacheds-kerberos-test.
>>>
>>> Here are the annotations on my class:
>>>
>>> @RunWith(FrameworkRunner.class)
>>> @CreateDS(name = "KerberosTcpIT-class",
>>> partitions = {
>>> @CreatePartition(name = "example", suffix = "dc=example,dc=com")},
>>> additionalInterceptors = { KeyDerivationInterceptor.class })
>>> @CreateLdapServer(transports = { @CreateTransport(protocol = "LDAP") })
>>> @CreateKdcServer(transports = { @CreateTransport( protocol = "TCP",
>>> port = 6089) })
>>>
>>> @ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
>>>
>>>
>>> AbstractKerberosITest generates a krb5.conf that looks like this:
>>>
>>> [libdefaults]
>>> default_realm = EXAMPLE.COM
>>> default_tkt_enctypes = des3-cbc-sha1
>>> default_tgs_enctypes = des3-cbc-sha1
>>> permitted_enctypes = des3-cbc-sha1
>>> default-checksum_type = hmac-sha1-des3
>>> udp_preference_limit = 1
>>> [realms]
>>> EXAMPLE.COM = {
>>> kdc = localhost:6089
>>> }
>>> [domain_realm]
>>> .example.com = EXAMPLE.COM
>>> example.com = EXAMPLE.COM
>>>
>>> To kinit, I'm using this command (hnelson is automatically added by
>>> AbstractKerberosITest):
>>>
>>> env KRB5_CONFIG=/path/to/krb5.conf kinit -k -t /path/to/hnelson.keytab
>>> hnel...@example.com
>>>
>>> And I get this error:
>>>
>>> kinit: krb5_get_init_creds: unable to reach any KDC in realm
>>> EXAMPLE.COM
>>>
>>> The kdc seems to running just fine:
>>>
>>> ➜ ~ lsof -i :6089
>>> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
>>> java 98545 clumjo 201u IPv6 0x3b381b5f4ac2a677 0t0 TCP
>>> localhost:6089 (LISTEN)
>>> ➜ ~ telnet localhost 6089
>>> Trying ::1...
>>> telnet: connect to address ::1: Connection refused
>>> Trying 127.0.0.1...
>>> Connected to localhost.
>>>
>>> Do you have any thoughts as to what might be wrong?
>>>
>>> nope, am able to get the ticket using the same config (but with a
>> standalone server)
>> looks like some DNS issue, can you map EXAMPLE.COM to loopback address
>> in your hosts file and see
>>
>>> Thanks,
>>>
>>> Josh
>>>
>>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>
>
--
Kiran Ayyagari
http://keydap.com
