directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Kerby GSS tests?
Date Tue, 21 Apr 2015 10:29:25 GMT
Hi Kai,

Thanks for your response. I have a test-case of sorts that shows the
interop failure (although I can't reproduce the issue I reported yesterday
about the preauthentication data).

https://github.com/coheigea/testcases/tree/master/apache/cxf/cxf-kerberos-kerby

Run it with "mvn clean install". You may need the install the parent module
as well before running this, which is one level up.

The test sets up a Kerby server, and I have a @Ignore'd test using Kerby
client API to successfully communicate with it. Then I have a Apache
CXF-based test which uses the Kerberos functionality here (based on GSS) to
get a service ticket. If I put printStackTrace in the DefaultKdcHandler the
output looks like:

Loaded from Java config
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=127.0.0.1 TCP:9002, timeout=30000, number of
retries =3, #bytes=169
>>> KDCCommunication: kdc=127.0.0.1 TCP:9002, timeout=30000,Attempt =1,
#bytes=169
java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:152)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at java.net.SocketInputStream.read(SocketInputStream.java:210)
    at java.io.DataInputStream.readInt(DataInputStream.java:387)
    at
org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport.receiveMessage(KrbTcpTransport.java:54)
    at
org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:46)
    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
>>>DEBUG: TCPClient could not read length field
>>> KrbKdcReq send: #bytes read=0

Any ideas?

Colm.

On Tue, Apr 21, 2015 at 12:09 AM, Zheng, Kai <kai.zheng@intel.com> wrote:

>  Hi Colm,
>
>
>
> We haven’t any test for GSS client against Kerby yet, though we do have
> tests in protocol level for ApReq (in kerb-core-test module). We might look
> at existing ApacheDS Kerberos codes to see if any such end to end tests to
> port.
>
>
>
> You’re right, current UDP support for KdcNetwork and NettyKdcNetwork are
> to be done yet. I originally got them done some days ago, but recently I
> was extremely busy with other projects, so kinds of delayed. Sure JIRAs
> would be good to record them.
>
>
>
> For the issue you ran into, do you have test codes to repeat it, so we may
> have the chance to look at it? Thanks.
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:coheigea@apache.org]
> *Sent:* Monday, April 20, 2015 10:40 PM
> *To:* Apache Directory Developers List
> *Subject:* Kerby GSS tests?
>
>
>
> Hi all,
>
>
>
> Are there any tests in the source (or has anyone successfully tested) a
> Java GSS client -> Apache Kerby?
>
> The first issue I ran into was that neither the KdcNetwork nor the
> NettyKdcNetwork work with UDP. Is there a JIRA for this (or any plans to
> fix it)?
>
> I could work around the above by setting "udp_preference_limit = 1".
> However, I then run into an issue where it fails due to no
> pre-authentication data in the request. Are we sure that this parsing is
> working correctly?
>
> Colm.
>
>
>
> --
>
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message