Return-Path: 
 <dev-return-38710-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-dev-archive@www.apache.org
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E7E137A85
	for <apmail-directory-dev-archive@www.apache.org>;
 Tue,  9 Aug 2011 08:59:13 +0000 (UTC)
Received: (qmail 55115 invoked by uid 500); 9 Aug 2011 08:59:11 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 54892 invoked by uid 500); 9 Aug 2011 08:58:59 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 54850 invoked by uid 99); 9 Aug 2011 08:58:50 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Aug 2011 08:58:50 +0000
X-ASF-Spam-Status: No, hits=-2000.8 required=5.0
	tests=ALL_TRUSTED,RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Aug 2011 08:58:47 +0000
Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116])
	by hel.zones.apache.org (Postfix) with ESMTP id 5FD31B3BA6
	for <dev@directory.apache.org>; Tue,  9 Aug 2011 08:58:27 +0000 (UTC)
Date: Tue, 9 Aug 2011 08:58:27 +0000 (UTC)
From: "Emmanuel Lecharny (JIRA)" <jira@apache.org>
To: dev@directory.apache.org
Message-ID: 
 <295514630.19491.1312880307389.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: 
 <1813099328.8138.1311176098538.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Closed] (DIRSERVER-1635) Exception when obtaining service
 ticket and aes256-cts-hmac-sha1-96 encryption is used
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/DIRSERVER-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny closed DIRSERVER-1635.
----------------------------------------


> Exception when obtaining service ticket and aes256-cts-hmac-sha1-96 encryption is used
> --------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1635
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1635
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M1
>         Environment: * ApacheDS Trunk as KDC, encryption is set to "aes256-cts-hmac-sha1-96".
> * Service: Apache HTTPD 2.2 with mod_auth_kerb
> * Client: Linux with MIT Kerberos and Firefox 5
>            Reporter: Stefan Seelmann
>            Assignee: Stefan Seelmann
>             Fix For: 2.0.0-M2
>
>
> The client accesses a SPNEGO protected website. When obtaining the service ticket the exception below is thrown.
> When using "des-cbc-md5" encryption no exception is thrown and authentication works. I didn't test other encryption types, but they should be tested.
> [13:38:25] ERROR [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - ERR_152 Unexpected exception: Missing argument
> java.lang.IllegalArgumentException: Missing argument
> 	at javax.crypto.spec.SecretKeySpec.<init>(SecretKeySpec.java:93)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.processCipher(AesCtsSha1Encryption.java:176)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.encrypt(AesCtsSha1Encryption.java:136)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.Aes256CtsSha1Encryption.encrypt(Aes256CtsSha1Encryption.java:30)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine.deriveRandom(EncryptionEngine.java:71)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.deriveKey(AesCtsSha1Encryption.java:148)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.calculateChecksum(AesCtsSha1Encryption.java:68)
> 	at org.apache.directory.server.kerberos.shared.crypto.encryption.Aes256CtsSha1Encryption.calculateChecksum(Aes256CtsSha1Encryption.java:30)
> 	at org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumHandler.verifyChecksum(ChecksumHandler.java:107)
> 	at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyBodyChecksum(TicketGrantingService.java:305)
> 	at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:107)
> 	at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:172)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> 	at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> 	at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> 	at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> 	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:486)
> 	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:456)
> 	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$1000(AbstractPollingConnectionlessIoAcceptor.java:61)
> 	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:414)
> 	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> 	at java.lang.Thread.run(Thread.java:636)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira