directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <akaras...@apache.org>
Subject Re: [ApacheDS] [Kerberos] Any idea on how we solve this issue with the missing encryption types?
Date Wed, 23 Nov 2011 06:55:47 GMT
Hi Stephan,

On Tue, Nov 22, 2011 at 8:57 PM, Stefan Seelmann <seelmann@apache.org> wrote:
> Hi Alex,
>
> you need to install the "unlimited strength JCE" [1] in order to get
> the AES cipher.
>

Thanks for the heads up. I'll try this later today but isn't this a
bit too much to expect everyone building the server to have this
installed?

We're also going to need some special documentation on this so it's
causing a hassle for Linux users.

I'd just recommend a profile for running tests in controlled CI
environments verses running tests on a normal build off the CLI in any
generic environment. This way the CI system can run this test but it
can be ignored when users download and try to build the server
themselves.

Regards,
Alex

> Kind Regards,
> Stefan
>
> [1] http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
>
>
> On Tue, Nov 22, 2011 at 1:54 PM, Alex Karasulu <akarasulu@apache.org> wrote:
>> Hi all,
>> Seems I'm getting the following failure with the kerberos-test module in the
>> apacheds trunk due to a lack of supported encryption types when using the
>> JDK Krb5 login module. The build is on an Ubuntu machine:
>> akarasulu@stein:~$ cat /etc/lsb-release
>> DISTRIB_ID=Ubuntu
>> DISTRIB_RELEASE=11.10
>> DISTRIB_CODENAME=oneiric
>> DISTRIB_DESCRIPTION="Ubuntu 11.10"
>> with the following Maven + Java setup:
>> akarasulu@stein:~$ mvn -v
>> Apache Maven 3.0.3 (r1075438; 2011-02-28 19:31:09+0200)
>> Maven home: /opt/tools/maven/default
>> Java version: 1.6.0_26, vendor: Sun Microsystems Inc.
>> Java home: /usr/lib/jvm/java-6-sun-1.6.0.26/jre
>> Default locale: en_US, platform encoding: UTF-8
>> OS name: "linux", version: "3.0.0-12-generic", arch: "amd64", family: "unix"
>> Here's the failing test:
>> org.apache.directory.server.kerberos.kdc.KerberosTcpITest.testObtainTickets_AES256()
>>  ... and the stack trace ...
>>   <testcase time="0.05"
>> classname="org.apache.directory.server.kerberos.kdc.KerberosTcpITest"
>> name="testObtainTickets_AES256">
>>     <error message="No supported encryption types listed in
>> default_tkt_enctypes"
>> type="javax.security.auth.login.LoginException">javax.security.auth.login.LoginException:
>> No supported encryption types listed in default_tkt_enctypes
>>         at
>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
>>         at
>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>         at
>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>>         at
>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>         at
>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at
>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>         at
>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>         at
>> org.apache.directory.server.kerberos.kdc.KerberosTestUtils.obtainTGT(KerberosTestUtils.java:295)
>>         at
>> org.apache.directory.server.kerberos.kdc.AbstractKerberosITest.testObtainTickets(AbstractKerberosITest.java:121)
>>         at
>> org.apache.directory.server.kerberos.kdc.KerberosTcpITest.testObtainTickets_AES256(KerberosTcpITest.java:130)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>  SNIP ...
>> Caused by: KrbException: No supported encryption types listed in
>> default_tkt_enctypes
>>         at
>> sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:221)
>>         at sun.security.krb5.KrbAsReq.init(KrbAsReq.java:335)
>>         at sun.security.krb5.KrbAsReq.&lt;init&gt;(KrbAsReq.java:259)
>>         at sun.security.krb5.KrbAsReq.&lt;init&gt;(KrbAsReq.java:61)
>>         at sun.security.krb5.Credentials.sendASRequest(Credentials.java:391)
>>         at sun.security.krb5.Credentials.acquireTGT(Credentials.java:350)
>>         at
>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
>>         ... 49 more
>> So what should we do because this test will always fail on this Jvm? Should
>> I just ignore it until a reliable test is created?
>> --
>> Best Regards,
>> -- Alex
>>

Mime
View raw message