directory-dev mailing list archives

From "Jiajia Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-615) Can not connect to TCP simplekdc server
Date Tue, 29 Aug 2017 08:26:00 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16144914#comment-16144914 ]

Jiajia Li commented on DIRKRB-615:
----------------------------------

[~jzhuge], I've tested: there is no problem on CentOS, and I see the same problem on Mac. By
default Heimdal will attempt to communicate with the KDC over UDP, and won't retry over TCP after UDP
has failed. It's an issue on the client side, so I suggest you use the Kerby kinit.

> Can not connect to TCP simplekdc server
> ---------------------------------------
>
>                 Key: DIRKRB-615
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-615
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2
>         Environment: $ mvn -version
> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T08:41:47-08:00)
> Maven home: /Users/jzhuge/apache-maven-3.3.9
> Java version: 1.8.0_131, vendor: Oracle Corporation
> Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "mac os x", version: "10.12.6", arch: "x86_64", family: "mac"
> $ sw_vers
> ProductName:	Mac OS X
> ProductVersion:	10.12.6
> BuildVersion:	16G29
>            Reporter: John Zhuge
>            Assignee: Jiajia Li
>
> Started a simplekdc server which generated the following krb5.conf:
> {code}
> [libdefaults]
>     kdc_realm = EXAMPLE.COM
>     default_realm = EXAMPLE.COM
>     udp_preference_limit = 1
>     kdc_tcp_port = 10088
>     #_KDC_UDP_PORT_
> [realms]
>     EXAMPLE.COM = {
>         kdc = localhost:10088
>     }
> {code}
> But kinit failed to connect to simplekdc server on Mac:
> {noformat} 
> $ kinit jzhuge
> jzhuge@EXAMPLE.COM's password: 
> kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM, tried 1 KDC
> {noformat}
> Wireshark showed kinit used UDP, while simplekdc was configured with TCP. Replaced the {{kdc}} option in krb5.conf with {{kdc = tcp/localhost:10088}}, kinit was able to connect.
> Suggested fix:
> Add {{<service>/}} prefix to option {{kdc}} in the template https://github.com/apache/directory-kerby/blob/trunk/kerby-kerb/kerb-simplekdc/src/main/resources/krb5-template.conf and https://github.com/apache/directory-kerby/blob/trunk/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp-template.conf.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
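
Added example (not part of the original message or of Kerby's code): a small Python check that lists the `kdc` entries in a krb5.conf and flags those that leave the transport to the client's default, run on the configuration quoted in the report. The function names are hypothetical; `tcp/` is the prefix used in the report, and `udp/` and `http/` are assumed here to be the other service prefixes Heimdal accepts.

```python
import re

# Constructed sample: the krb5.conf quoted in the report above.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    kdc_realm = EXAMPLE.COM
    default_realm = EXAMPLE.COM
    udp_preference_limit = 1
    kdc_tcp_port = 10088
    #_KDC_UDP_PORT_
[realms]
    EXAMPLE.COM = {
        kdc = localhost:10088
    }
"""

# tcp/ comes from the report; udp/ and http/ are assumptions (see lead-in).
SECTION = re.compile(r"^\[(\w+)\]$")
REALM_OPEN = re.compile(r"^(\S+)\s*=\s*\{$")
KDC = re.compile(r"^kdc\s*=\s*(\S+)$")
PREFIX = re.compile(r"^(tcp|udp|http)/", re.I)

def kdc_entries(conf_text):
    """Return [(realm, kdc_value, transport_or_None)] for kdc lines in [realms]."""
    section, realm, found = None, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blank and comment lines
            continue
        if (m := SECTION.match(line)):
            section, realm = m.group(1).lower(), None
        elif section == "realms" and (m := REALM_OPEN.match(line)):
            realm = m.group(1)
        elif line == "}":
            realm = None
        elif section == "realms" and realm and (m := KDC.match(line)):
            p = PREFIX.match(m.group(1))
            found.append((realm, m.group(1), p.group(1).lower() if p else None))
    return found

def implicit_transport(conf_text):
    """kdc entries with no service prefix, i.e. transport chosen by the client."""
    return [(r, v) for r, v, t in kdc_entries(conf_text) if t is None]

if __name__ == "__main__":
    for realm, value in implicit_transport(SAMPLE_KRB5_CONF):
        print(f"{realm}: kdc = {value} has no transport prefix")
```
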