directory-dev mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Using AbstractKerberosITest
Date Thu, 10 Apr 2014 13:29:48 GMT
On Thu, Apr 10, 2014 at 6:37 PM, Josh Clum <joshclum@gmail.com> wrote:

> Added "EXAMPLE.COM localhost" to /etc/hosts so now I can ping EXAMPLE.COM,
> but still no luck.
>
> I did notice that when I call kdcServer.isStarted() in my test, it
> will always return false. It seems that the method kdcServer.start()
> is not correctly setting the started flag. I tried manually calling kdcServer.stop();
> then kdcServer.start(); as another check.
>
I doubt that. Which version of the server are you using?

>
> Is there any way to connect to the kdc other than just trying to kinit?
> Any other thoughts?
>

You can use KdcConnection, present in the kerberos-client module, to test.

>
> On Thu, Apr 10, 2014 at 4:57 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>
>>
>> On Thu, Apr 10, 2014 at 1:14 AM, Josh Clum <joshclum@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm trying to set up an IT for one of my classes that inherits from
>>> the AbstractKerberosITest inside of apacheds-kerberos-test.
>>>
>>> Here are the annotations on my class:
>>>
>>>   @RunWith(FrameworkRunner.class)
>>>   @CreateDS(name = "KerberosTcpIT-class",
>>>     partitions = {
>>>       @CreatePartition(name = "example", suffix = "dc=example,dc=com")},
>>>       additionalInterceptors = { KeyDerivationInterceptor.class })
>>>   @CreateLdapServer(transports = { @CreateTransport(protocol = "LDAP") })
>>>   @CreateKdcServer(transports = { @CreateTransport(protocol = "TCP", port = 6089) })
>>>   @ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
>>>
>>>
>>> AbstractKerberosITest generates a krb5.conf that looks like this:
>>>
>>>   [libdefaults]
>>>   default_realm = EXAMPLE.COM
>>>   default_tkt_enctypes = des3-cbc-sha1
>>>   default_tgs_enctypes = des3-cbc-sha1
>>>   permitted_enctypes = des3-cbc-sha1
>>>   default-checksum_type = hmac-sha1-des3
>>>   udp_preference_limit = 1
>>>   [realms]
>>>   EXAMPLE.COM = {
>>>   kdc = localhost:6089
>>>   }
>>>   [domain_realm]
>>>   .example.com = EXAMPLE.COM
>>>   example.com = EXAMPLE.COM
>>>
>>> To kinit, I'm using this command (hnelson is automatically added by
>>> AbstractKerberosITest):
>>>
>>>   env KRB5_CONFIG=/path/to/krb5.conf kinit -k -t /path/to/hnelson.keytab hnelson@EXAMPLE.COM
>>>
>>> And I get this error:
>>>
>>>   kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM
>>>
>>> The kdc seems to be running just fine:
>>>
>>>   ➜  ~  lsof -i :6089
>>>   COMMAND   PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
>>>   java    98545 clumjo  201u  IPv6 0x3b381b5f4ac2a677      0t0  TCP localhost:6089 (LISTEN)
>>>   ➜  ~  telnet localhost 6089
>>>   Trying ::1...
>>>   telnet: connect to address ::1: Connection refused
>>>   Trying 127.0.0.1...
>>>   Connected to localhost.
>>>
>>> Do you have any thoughts as to what might be wrong?
>>>
>> Nope, am able to get the ticket using the same config (but with a
>> standalone server).
>> Looks like some DNS issue, can you map EXAMPLE.COM to the loopback address
>> in your hosts file and see?
>>
>>> Thanks,
>>>
>>> Josh
>>>
>>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>
>


-- 
Kiran Ayyagari
http://keydap.com
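
A reachability check for the situation in this thread, added here as an example (it is not code from the thread or from ApacheDS): it reads the `kdc =` entries for a realm out of a krb5.conf like the one quoted above and tries a TCP connect to every address the resolver returns, reporting one row per address family. The function names and the trimmed sample configuration are constructed for illustration.

```python
import re
import socket

# Constructed sample: the [realms] part of the krb5.conf quoted in the thread.
SAMPLE_KRB5_CONF = """\
[realms]
EXAMPLE.COM = {
kdc = localhost:6089
}
"""

def kdcs_for_realm(conf_text, realm):
    """Return [(host, port)] for each 'kdc =' line in the realm's block."""
    kdcs, section, in_realm = [], None, False
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.startswith("["):
            section, in_realm = line.strip("[]"), False
        elif section == "realms" and re.fullmatch(re.escape(realm) + r"\s*=\s*\{", line):
            in_realm = True
        elif line == "}":
            in_realm = False
        elif in_realm and (m := re.fullmatch(r"kdc\s*=\s*(\S+)", line)):
            host, sep, port = m.group(1).rpartition(":")
            # No ":port" suffix means the Kerberos default port, 88.
            kdcs.append((host, int(port)) if sep else (m.group(1), 88))
    return kdcs

def probe_tcp(host, port, timeout=2.0):
    """Connect to every resolved address; return [(family, address, error_or_None)]."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("unresolved", host, str(exc))]
    results = []
    for family, socktype, proto, _, sockaddr in infos:
        err = None
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
        except OSError as exc:
            err = str(exc)
        results.append((family.name, sockaddr[0], err))
    return results

if __name__ == "__main__":
    for host, port in kdcs_for_realm(SAMPLE_KRB5_CONF, "EXAMPLE.COM"):
        for fam, addr, err in probe_tcp(host, port):
            print(f"{host}:{port} via {fam} {addr}: {err or 'connected'}")
```

A refused `::1` next to a connected `127.0.0.1`, as in the telnet output above, appears as two separate rows. A successful connect only shows that the port accepts TCP connections, not that the KDC answers Kerberos requests.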
