directory-dev mailing list archives

From Alex Karasulu <akaras...@apache.org>
Subject Re: [ApacheDS] [Kerberos] Any idea on how we solve this issue with the missing encryption types?
Date Tue, 22 Nov 2011 13:56:22 GMT
On Tue, Nov 22, 2011 at 3:14 PM, Pierre-Arnaud Marcelot <pa@marcelot.net> wrote:
> On 22 nov. 2011, at 14:11, Alex Karasulu wrote:
>
> On Tue, Nov 22, 2011 at 3:04 PM, Pierre-Arnaud Marcelot <pa@marcelot.net>
> wrote:
>>
>> Hi Alex,
>>
>> I remember having dealt with something similar recently with a user on
>> IRC.
>>
>> Turns out its /etc/krb5.conf file contained wrong values, if I recall
>> correctly.
>>
>> You might also make sure you have the 'krb5-user' package installed via
>> apt-get.
>>
>
> Hey thanks for the heads up and I did this installing all the packages
> needed yet got the same error in the end. :/
> I even restarted my session just in case something was getting cached in the
> env.
> Any other ideas?
>
> What's the content of your krb5.conf file?
> Regards,
> Pierre-Arnaud

Seems I have some commented out encryption types here:

# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#	default_tgs_enctypes = des3-hmac-sha1
#	default_tkt_enctypes = des3-hmac-sha1
#	permitted_enctypes = des3-hmac-sha1

Did you add any to the default enc types to get this working?

Even if this fixes this issue shouldn't we really leave this test for
runs in controlled environments so users don't see things blow up
without the proper configuration?

Maybe we should have a profile specifically for tests run in our CI
environment versus when users run the tests?

Thanks,
Alex

> Thanks,
> Alex
>
>>
>> On 22 nov. 2011, at 13:54, Alex Karasulu wrote:
>>
>> > Hi all,
>> >
>> > Seems I'm getting the following failure with the kerberos-test module in
>> > the apacheds trunk due to a lack of supported encryption types when using
>> > the JDK Krb5 login module. The build is on an Ubuntu machine:
>> >
>> > akarasulu@stein:~$ cat /etc/lsb-release
>> > DISTRIB_ID=Ubuntu
>> > DISTRIB_RELEASE=11.10
>> > DISTRIB_CODENAME=oneiric
>> > DISTRIB_DESCRIPTION="Ubuntu 11.10"
>> >
>> > with the following Maven + Java setup:
>> >
>> > akarasulu@stein:~$ mvn -v
>> > Apache Maven 3.0.3 (r1075438; 2011-02-28 19:31:09+0200)
>> > Maven home: /opt/tools/maven/default
>> > Java version: 1.6.0_26, vendor: Sun Microsystems Inc.
>> > Java home: /usr/lib/jvm/java-6-sun-1.6.0.26/jre
>> > Default locale: en_US, platform encoding: UTF-8
>> > OS name: "linux", version: "3.0.0-12-generic", arch: "amd64", family:
>> > "unix"
>> >
>> > Here's the failing test:
>> >
>> >
>> > org.apache.directory.server.kerberos.kdc.KerberosTcpITest.testObtainTickets_AES256()
>> >
>> >  ... and the stack trace ...
>> >
>> >   <testcase time="0.05"
>> > classname="org.apache.directory.server.kerberos.kdc.KerberosTcpITest"
>> > name="testObtainTickets_AES256">
>> >     <error message="No supported encryption types listed in
>> > default_tkt_enctypes"
>> > type="javax.security.auth.login.LoginException">javax.security.auth.login.LoginException:
>> > No supported encryption types listed in default_tkt_enctypes
>> >         at
>> > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
>> >         at
>> > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >         at
>> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >         at java.lang.reflect.Method.invoke(Method.java:597)
>> >         at
>> > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>> >         at
>> > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>> >         at
>> > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>> >         at java.security.AccessController.doPrivileged(Native Method)
>> >         at
>> > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>> >         at
>> > javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>> >         at
>> > org.apache.directory.server.kerberos.kdc.KerberosTestUtils.obtainTGT(KerberosTestUtils.java:295)
>> >         at
>> > org.apache.directory.server.kerberos.kdc.AbstractKerberosITest.testObtainTickets(AbstractKerberosITest.java:121)
>> >         at
>> > org.apache.directory.server.kerberos.kdc.KerberosTcpITest.testObtainTickets_AES256(KerberosTcpITest.java:130)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >
>> >  SNIP ...
>> >
>> > Caused by: KrbException: No supported encryption types listed in
>> > default_tkt_enctypes
>> >         at
>> > sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:221)
>> >         at sun.security.krb5.KrbAsReq.init(KrbAsReq.java:335)
>> >         at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:259)
>> >         at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:61)
>> >         at
>> > sun.security.krb5.Credentials.sendASRequest(Credentials.java:391)
>> >         at
>> > sun.security.krb5.Credentials.acquireTGT(Credentials.java:350)
>> >         at
>> > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
>> >         ... 49 more
>> >
>> > So what should we do because this test will always fail on this Jvm?
>> > Should I just ignore it until a reliable test is created?
>> >
>> > --
>> > Best Regards,
>> > -- Alex
>> >
>>
>
>
>
> --
> Best Regards,
> -- Alex
>
>



-- 
Best Regards,
-- Alex
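
An added diagnostic, not code from ApacheDS or from anyone in this thread: it lists which enctype settings are actually active in a krb5.conf (commented-out lines like those quoted above do not count) and checks whether the running JVM's crypto policy permits 256-bit AES keys, which an AES-256 Kerberos enctype requires. The class name, helper names and sample file contents are constructed for illustration; the active `aes256-cts-hmac-sha1-96` line is an assumption and does not come from the message.

```java
import java.security.NoSuchAlgorithmException;
import java.util.*;
import javax.crypto.Cipher;

public class EnctypeCheck {
    // Constructed sample: the commented-out lines from the message plus one assumed active setting.
    static final String SAMPLE =
          "[libdefaults]\n"
        + "#\tdefault_tgs_enctypes = des3-hmac-sha1\n"
        + "#\tdefault_tkt_enctypes = des3-hmac-sha1\n"
        + "#\tpermitted_enctypes = des3-hmac-sha1\n"
        + "\tdefault_tkt_enctypes = aes256-cts-hmac-sha1-96\n"
        + "[realms]\n";
    // Values of `key` that are active (not commented out) in the [libdefaults] section.
    static List<String> activeEnctypes(String conf, String key) {
        List<String> found = new ArrayList<String>();
        boolean inLibdefaults = false;
        for (String raw : conf.split("\n")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith(";")) continue;
            if (line.startsWith("[")) { inLibdefaults = line.equals("[libdefaults]"); continue; }
            int eq = line.indexOf('=');
            if (!inLibdefaults || eq < 0 || !line.substring(0, eq).trim().equals(key)) continue;
            for (String t : line.substring(eq + 1).trim().split("[\\s,]+")) {
                if (!t.isEmpty()) found.add(t);
            }
        }
        return found;
    }
    // True when the JVM's installed crypto policy permits 256-bit AES keys.
    static boolean jvmAllowsAes256() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") >= 256;
        } catch (NoSuchAlgorithmException e) {
            return false; // no AES provider at all
        }
    }
    public static void main(String[] args) {
        boolean aes256 = jvmAllowsAes256();
        System.out.println("JVM permits 256-bit AES: " + aes256);
        for (String key : new String[] {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}) {
            List<String> types = activeEnctypes(SAMPLE, key);
            System.out.println(key + " = " + (types.isEmpty() ? "(not set, library defaults apply)" : types));
            for (String t : types) {
                if (t.startsWith("aes256") && !aes256) System.out.println("  " + t + " is not usable under this JVM's policy");
            }
        }
    }
}
```

To check a real machine, read `/etc/krb5.conf` (or the file named by the `java.security.krb5.conf` system property) into the string passed to `activeEnctypes` in place of the constructed sample.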
