From dev-return-61723-apmail-directory-dev-archive=directory.apache.org@directory.apache.org Tue Sep 8 08:35:03 2020 Return-Path: X-Original-To: apmail-directory-dev-archive@www.apache.org Delivered-To: apmail-directory-dev-archive@www.apache.org Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by minotaur.apache.org (Postfix) with ESMTP id 7B3B6193E6 for ; Tue, 8 Sep 2020 08:35:03 +0000 (UTC) Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id 8115D62CE2 for ; Tue, 8 Sep 2020 08:35:02 +0000 (UTC) Received: (qmail 57754 invoked by uid 500); 8 Sep 2020 08:35:01 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 57717 invoked by uid 500); 8 Sep 2020 08:35:01 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@directory.apache.org Received: (qmail 57703 invoked by uid 99); 8 Sep 2020 08:35:01 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Sep 2020 08:35:01 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id A1B6D41975 for ; Tue, 8 Sep 2020 08:35:00 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 258D4780297 for ; Tue, 8 Sep 2020 08:35:00 +0000 (UTC) Date: Tue, 8 Sep 2020 08:35:00 +0000 (UTC) From: "Colm O hEigeartaigh (Jira)" To: dev@directory.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (DIRSERVER-2327) Add possibility to use custom ReplayCache implementation MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DIRSERVER-2327?page=3Dcom.atla= ssian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reassigned DIRSERVER-2327: ---------------------------------------------- Assignee: Colm O hEigeartaigh > Add possibility to use custom ReplayCache implementation > -------------------------------------------------------- > > Key: DIRSERVER-2327 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2327 > Project: Directory ApacheDS > Issue Type: Improvement > Reporter: Josef Cacek > Assignee: Colm O hEigeartaigh > Priority: Major > > Add the possibility to configure the ReplayCache implementation (or disab= le replay cache) in KDC. > When the KdcServer is used in embedded tests, and tests run in parallel, = they intermittently fail with "Request is a replay (34) - Request is a repl= ay". > I saw the problematic behavior in JBoss AS testsuite: > [https://issues.redhat.com/browse/JBPAPP-10974] > =C2=A0 > And also in Hazelcast Enterprise tests: > [https://github.com/hazelcast/hazelcast-enterprise/issues/3646] > =C2=A0 > JBoss resolves it by injecting dummy ReplayCache implementation by using = reflection:=C2=A0[https://source.jboss.org/changelog/JBossAS6?cs=3D114679&_= sscc=3Dt] > =C2=A0 > We will probably disable parallel test execution in Hazelcast to workarou= nd it. > It would be great to have a possibility to configure the implementing cla= ss in the=C2=A0{{@CreateKdcServer annotation.}} > h3. {{Stacktrace from a failing test}} > =C2=A0 > {{KrbException: Request is a replay (34) - Request is a replayKrbExceptio= n: Request is a replay (34) - Request is a replay at java.security.jgss/sun= .security.krb5.KrbTgsRep.(KrbTgsRep.java:73) at java.security.jgss/su= n.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:250) at java.security.jgs= s/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:261) at java.s= ecurity.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(Creden= tialsUtil.java:308) at java.security.jgss/sun.security.krb5.internal.Creden= tialsUtil.acquireServiceCreds(CredentialsUtil.java:126) at java.security.jg= ss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) = at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb= 5Context.java:695) at java.security.jgss/sun.security.jgss.GSSContextImpl.i= nitSecContext(GSSContextImpl.java:265) at java.security.jgss/sun.security.j= gss.GSSContextImpl.initSecContext(GSSContextImpl.java:196) at com.hazelcast= .security.impl.KerberosCredentialsFactory.createTokenCredentials(KerberosCr= edentialsFactory.java:163) at com.hazelcast.security.impl.KerberosCredentia= lsFactory.lambda$0(KerberosCredentialsFactory.java:127) at java.base/java.s= ecurity.AccessController.doPrivileged(Native Method) at java.base/javax.sec= urity.auth.Subject.doAs(Subject.java:361) at com.hazelcast.security.impl.Ke= rberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:127= ) at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(= KerberosCredentialsFactory.java:148) at com.hazelcast.security.loginimpl.Gs= sApiLoginModuleTest.getKerberosCredentials(GssApiLoginModuleTest.java:169) = at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.testCutOffRealmFr= omName(GssApiLoginModuleTest.java:132) at java.base/jdk.internal.reflect.Na= tiveMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.ref= lect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at j= ava.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Delegatin= gMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(M= ethod.java:564) at org.junit.runners.model.FrameworkMethod$1.runReflectiveC= all(FrameworkMethod.java:50) at org.junit.internal.runners.model.Reflective= Callable.run(ReflectiveCallable.java:12) at org.junit.runners.model.Framewo= rkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.r= unners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at com.hazelc= ast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStateme= nt.java:114) at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement= .call(FailOnTimeoutStatement.java:1) at java.base/java.util.concurrent.Futu= reTask.run(FutureTask.java:264) at java.base/java.lang.Thread.run(Thread.ja= va:844)Caused by: KrbException: Identifier doesn't match expected value (90= 6) at java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java= :140) at java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.j= ava:65) at java.security.jgss/sun.security.krb5.internal.TGSRep.(TGSR= ep.java:60) at java.security.jgss/sun.security.krb5.KrbTgsRep.(KrbTgs= Rep.java:55) ... 28 more}}{{=C2=A0}} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org For additional commands, e-mail: dev-help@directory.apache.org