directory-dev mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Using AbstractKerberosITest
Date Thu, 10 Apr 2014 08:57:56 GMT
On Thu, Apr 10, 2014 at 1:14 AM, Josh Clum <joshclum@gmail.com> wrote:

> Hi,
>
> I'm trying to set up an IT for one of my classes that inherits from using
> the AbstractKerberosITest inside of apacheds-kerberos-test.
>
> Here are the annotations on my class:
>
>   @RunWith(FrameworkRunner.class)
>   @CreateDS(name = "KerberosTcpIT-class",
>     partitions = {
>       @CreatePartition(name = "example", suffix = "dc=example,dc=com")},
>       additionalInterceptors = { KeyDerivationInterceptor.class })
>   @CreateLdapServer(transports = { @CreateTransport(protocol = "LDAP") })
>   @CreateKdcServer(transports = { @CreateTransport( protocol = "TCP", port = 6089) })
>   @ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
>
>
> AbstractKerberosITest generates a krb5.conf that looks like this:
>
>   [libdefaults]
>   default_realm = EXAMPLE.COM
>   default_tkt_enctypes = des3-cbc-sha1
>   default_tgs_enctypes = des3-cbc-sha1
>   permitted_enctypes = des3-cbc-sha1
>   default-checksum_type = hmac-sha1-des3
>   udp_preference_limit = 1
>   [realms]
>   EXAMPLE.COM = {
>   kdc = localhost:6089
>   }
>   [domain_realm]
>   .example.com = EXAMPLE.COM
>   example.com = EXAMPLE.COM
>
> To kinit, I'm using this command (hnelson is automatically added by
> AbstractKerberosITest):
>
>   env KRB5_CONFIG=/path/to/krb5.conf kinit -k -t /path/to/hnelson.keytab hnelson@EXAMPLE.COM
>
> And I get this error:
>
>   kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM
>
> The kdc seems to be running just fine:
>
>   ➜  ~  lsof -i :6089
>   COMMAND   PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
>   java    98545 clumjo  201u  IPv6 0x3b381b5f4ac2a677      0t0  TCP localhost:6089 (LISTEN)
>   ➜  ~  telnet localhost 6089
>   Trying ::1...
>   telnet: connect to address ::1: Connection refused
>   Trying 127.0.0.1...
>   Connected to localhost.
>
> Do you have any thoughts as to what might be wrong?
>

Nope, I am able to get the ticket using the same config (but with a
standalone server). It looks like some DNS issue; can you map EXAMPLE.COM
to the loopback address in your hosts file and see?

> Thanks,
>
> Josh
>
>


-- 
Kiran Ayyagari
http://keydap.com
