directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Jira)" <j...@apache.org>
Subject [jira] [Updated] (DIRSERVER-2327) Add possibility to use custom ReplayCache implementation
Date Tue, 08 Sep 2020 08:35:00 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh updated DIRSERVER-2327:
-------------------------------------------
    Fix Version/s: 2.0.0.AM27

> Add possibility to use custom ReplayCache implementation
> --------------------------------------------------------
>
>                 Key: DIRSERVER-2327
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2327
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>            Reporter: Josef Cacek
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 2.0.0.AM27
>
>
> Add the possibility to configure the ReplayCache implementation (or disable replay cache)
in KDC.
> When the KdcServer is used in embedded tests, and tests run in parallel, they intermittently
fail with "Request is a replay (34) - Request is a replay".
> I saw the problematic behavior in JBoss AS testsuite:
> [https://issues.redhat.com/browse/JBPAPP-10974]
>  
> And also in Hazelcast Enterprise tests:
> [https://github.com/hazelcast/hazelcast-enterprise/issues/3646]
>  
> JBoss resolves it by injecting dummy ReplayCache implementation by using reflection: [https://source.jboss.org/changelog/JBossAS6?cs=114679&_sscc=t]
>  
> We will probably disable parallel test execution in Hazelcast to workaround it.
> It would be great to have a possibility to configure the implementing class in the {{@CreateKdcServer
annotation.}}
> h3. {{Stacktrace from a failing test}}
>  
> {{KrbException: Request is a replay (34) - Request is a replayKrbException: Request is
a replay (34) - Request is a replay at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at java.security.jgss/sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:250) at java.security.jgss/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:261)
at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
at java.security.jgss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:265)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
at com.hazelcast.security.impl.KerberosCredentialsFactory.createTokenCredentials(KerberosCredentialsFactory.java:163)
at com.hazelcast.security.impl.KerberosCredentialsFactory.lambda$0(KerberosCredentialsFactory.java:127)
at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAs(Subject.java:361)
at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:127)
at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:148)
at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.getKerberosCredentials(GssApiLoginModuleTest.java:169)
at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.testCutOffRealmFromName(GssApiLoginModuleTest.java:132)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:114)
at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:1)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.lang.Thread.run(Thread.java:844)Caused
by: KrbException: Identifier doesn't match expected value (906) at java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at java.security.jgss/sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55) ... 28 more}}{{ }}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org


Mime
View raw message