On Thu, Apr 10, 2014 at 1:14 AM, Josh Clum <joshclum@gmail.com> wrote:
Hi,

I'm trying to set up an IT for one of my classes that inherits from the AbstractKerberosITest inside of apacheds-kerberos-test.

Here are the annotations on my class:

  @RunWith(FrameworkRunner.class)
  @CreateDS(name = "KerberosTcpIT-class",
    partitions = {
      @CreatePartition(name = "example", suffix = "dc=example,dc=com")},
      additionalInterceptors = { KeyDerivationInterceptor.class })
  @CreateLdapServer(transports = { @CreateTransport(protocol = "LDAP") })
  @CreateKdcServer(transports = { @CreateTransport( protocol = "TCP", port = 6089) })
  @ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")


AbstractKerberosITest generates a krb5.conf that looks like this:

  [libdefaults]
  default_realm = EXAMPLE.COM
  default_tkt_enctypes = des3-cbc-sha1
  default_tgs_enctypes = des3-cbc-sha1
  permitted_enctypes = des3-cbc-sha1
  default-checksum_type = hmac-sha1-des3
  udp_preference_limit = 1
  [realms]
  kdc = localhost:6089
  }
  [domain_realm]

To kinit, I'm using this command (hnelson is automatically added by AbstractKerberosITest):

  env KRB5_CONFIG=/path/to/krb5.conf kinit -k -t /path/to/hnelson.keytab hnelson@EXAMPLE.COM

And I get this error:

  kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM

The kdc seems to be running just fine:

  ➜  ~  lsof -i :6089        
  COMMAND   PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
  java    98545 clumjo  201u  IPv6 0x3b381b5f4ac2a677      0t0  TCP localhost:6089 (LISTEN)
  ➜  ~  telnet localhost 6089
  Trying ::1...
  telnet: connect to address ::1: Connection refused
  Trying 127.0.0.1...
  Connected to localhost.

Do you have any thoughts as to what might be wrong?

Nope, I am able to get the ticket using the same config (but with a standalone server).
Looks like some DNS issue; can you map EXAMPLE.COM to the loopback address
in your hosts file and see?

Thanks,

Josh




--
Kiran Ayyagari
http://keydap.com
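
The telnet session quoted in the thread shows localhost resolving to both ::1 and 127.0.0.1, with only one of them accepting connections. As an added example (not part of the original thread and not ApacheDS code), this Python script repeats that check for every `kdc` entry in a krb5.conf; the function names and the sample configuration are assumptions constructed for illustration.

```python
import re
import socket

# Constructed sample; only the kdc line mirrors the one quoted in the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = localhost:6089
}
"""

def kdc_endpoints(conf_text, default_port=88):
    """Return (host, port) for every 'kdc = host[:port]' line."""
    endpoints = []
    for m in re.finditer(r"^\s*kdc\s*=\s*(\S+)\s*$", conf_text, re.MULTILINE):
        value = m.group(1)
        host, sep, port = value.rpartition(":")
        # No port given, or a bare (unbracketed) IPv6 literal: use the default.
        if not sep or not port.isdigit() or (value.count(":") > 1 and "]" not in value):
            host, port = value, default_port
        endpoints.append((host.strip("[]"), int(port)))
    return endpoints

def probe(host, port, timeout=2.0):
    """Attempt a TCP connect to every address the host name resolves to."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("unresolved", host, str(exc))]
    results = []
    for family, socktype, proto, _, sockaddr in infos:
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            status = "connected"
        except OSError as exc:
            status = f"failed: {exc.strerror or exc}"
        results.append((label, sockaddr[0], status))
    return results

if __name__ == "__main__":
    for host, port in kdc_endpoints(SAMPLE_KRB5_CONF):
        for label, addr, status in probe(host, port):
            print(f"{host}:{port} via {label} {addr}: {status}")
```

The output lists each resolved address with its own result, so a listener bound to a single address family is visible at a glance.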