directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <mboorsht...@gmail.com>
Subject [Kerberos Client] Can not generate a service ticket
Date Sun, 14 Feb 2010 20:09:11 GMT
All,

I've setup a development environment for working with the kerberos
client library and am running into a problem generating a service
ticket.  The below code "works" in that I get a TGT and it fails if I
put in the wrong password but I don't seem to get the correct tickets
and when I try to generate a service ticket I get an exception.  Below
is my code and the exception.  I've also attached packet captures from
both a successful kinit and the failed kerberos client login.

Code:

Properties props = new Properties();
		props.setProperty("log4j.rootLogger", "DEBUG,A1");
		props.setProperty("log4j.appender.A1", "org.apache.log4j.ConsoleAppender");
		props.setProperty("log4j.appender.A1.layout","org.apache.log4j.PatternLayout");
		props.setProperty("log4j.appender.A1.layout.ConversionPattern","%-4r
[%t] %-5p %c %x - %m%n");
		
		PropertyConfigurator.configure(props);
		System.out.println("creating principal");
		KerberosPrincipal clientPrincipal = new KerberosPrincipal(
"testuser1@W2K3R2.TEST.COM");
		System.out.println("creating con");
		KdcConnection con = new KdcConnection("adfs-dc.w2k3r2.test.com");
		System.out.println("creating tgt");
		KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal,
new String("$tart123") );
		System.out.println("generating service ticket");
		KerberosPrincipal sp = new
KerberosPrincipal("http/kerb-ws.w2k3r2.test.com@W2K3R2.TEST.COM");
		KerberosTicket sgt = con.getServiceTicket(tgt, sp);
		System.out.println("service ticket granted");
		tgt.destroy();
		con.disconnect();

Output:

reating principal
creating con
creating tgt
0    [NioProcessor-1] DEBUG
org.apache.directory.client.kerberos.protocol.KerberosClientHandler  -
adfs-dc.w2k3r2.test.com/192.168.174.133:88 CREATED:  datagram
418  [NioProcessor-1] DEBUG
org.apache.mina.filter.codec.ProtocolCodecFilter  - Processing a
MESSAGE_RECEIVED for session 1
431  [NioProcessor-1] DEBUG
org.apache.directory.client.kerberos.protocol.KerberosClientHandler  -
adfs-dc.w2k3r2.test.com/192.168.174.133:88 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcReply@1960f05
445  [main] DEBUG
org.apache.directory.client.kerberos.GetTicketGrantingTicket  -
Received ticket for 'testuser1@W2K3R2.TEST.COM' to access
'krbtgt/W2K3R2.TEST.COM@W2K3R2.TEST.COM'.
generating service ticket
457  [NioProcessor-3] DEBUG
org.apache.directory.client.kerberos.protocol.KerberosClientHandler  -
adfs-dc.w2k3r2.test.com/192.168.174.133:88 CREATED:  datagram
467  [main] ERROR
org.apache.directory.client.kerberos.protocol.KerberosClientHandler  -
adfs-dc.w2k3r2.test.com/192.168.174.133:88 EXCEPTION
org.apache.mina.filter.codec.ProtocolEncoderException:
java.nio.BufferOverflowException
	at org.apache.mina.filter.codec.ProtocolCodecFilter.filterWrite(ProtocolCodecFilter.java:313)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterWrite(DefaultIoFilterChain.java:505)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1400(DefaultIoFilterChain.java:47)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterWrite(DefaultIoFilterChain.java:813)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.filterWrite(DefaultIoFilterChain.java:739)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterWrite(DefaultIoFilterChain.java:505)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterWrite(DefaultIoFilterChain.java:497)
	at org.apache.mina.core.session.AbstractIoSession.write(AbstractIoSession.java:427)
	at org.apache.mina.core.session.AbstractIoSession.write(AbstractIoSession.java:368)
	at org.apache.directory.client.kerberos.GetServiceTicket.execute(GetServiceTicket.java:144)
	at org.apache.directory.client.kerberos.KdcConnection.getServiceTicket(KdcConnection.java:150)
	at org.apache.directory.client.kerberos.KdcConnection.getServiceTicket(KdcConnection.java:133)
	at TestKerb.main(TestKerb.java:27)
Caused by: java.nio.BufferOverflowException
	at java.nio.Buffer.nextPutIndex(Buffer.java:495)
	at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:145)
	at org.apache.directory.shared.asn1.der.ASN1OutputStream$1.write(ASN1OutputStream.java:52)
	at java.io.FilterOutputStream.write(FilterOutputStream.java:60)
	at java.io.FilterOutputStream.write(FilterOutputStream.java:108)
	at java.io.FilterOutputStream.write(FilterOutputStream.java:80)
	at org.apache.directory.shared.asn1.der.ASN1OutputStream.writeEncoded(ASN1OutputStream.java:94)
	at org.apache.directory.shared.asn1.der.DERApplicationSpecific.encode(DERApplicationSpecific.java:86)
	at org.apache.directory.shared.asn1.der.ASN1OutputStream.writeObject(ASN1OutputStream.java:106)
	at org.apache.directory.server.kerberos.shared.io.encoder.KdcRequestEncoder.encode(KdcRequestEncoder.java:61)
	at org.apache.directory.client.kerberos.protocol.KerberosClientUdpEncoder.encode(KerberosClientUdpEncoder.java:46)
	at org.apache.mina.filter.codec.ProtocolCodecFilter.filterWrite(ProtocolCodecFilter.java:298)
	... 12 more
469  [main] ERROR
org.apache.directory.client.kerberos.GetServiceTicket  - KDC returned
error; ticket will be null.
service ticket granted

Thanks

Marc

Mime
View raw message