directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-472) Use sessionkey or subkey appropriately
Date Mon, 23 Nov 2015 09:23:11 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021828#comment-15021828
] 

Kai Zheng commented on DIRKRB-472:
----------------------------------

In current codes, when running Kerby client -> MIT KDC, it will throw:
{noformat}
Exception in thread "main" org.apache.kerby.kerberos.kerb.KrbException: Integrity check on
decrypted field failed
	at org.apache.kerby.kerberos.kerb.crypto.enc.KeKiEnc.decryptWith(KeKiEnc.java:127)
	at org.apache.kerby.kerberos.kerb.crypto.enc.AbstractEncTypeHandler.decrypt(AbstractEncTypeHandler.java:150)
	at org.apache.kerby.kerberos.kerb.crypto.enc.AbstractEncTypeHandler.decrypt(AbstractEncTypeHandler.java:138)
	at org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler.decrypt(EncryptionHandler.java:244)
	at org.apache.kerby.kerberos.kerb.common.EncryptionUtil.unseal(EncryptionUtil.java:136)
	at org.apache.kerby.kerberos.kerb.client.request.TgsRequest.processResponse(TgsRequest.java:82)
	at org.apache.kerby.kerberos.kerb.client.KrbHandler.onResponseMessage(KrbHandler.java:113)
	at org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:47)
	at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestServiceTicket(DefaultInternalKrbClient.java:86)
	at org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestServiceTicket(AbstractInternalKrbClient.java:139)
	at org.apache.kerby.kerberos.kerb.client.KrbClient.requestServiceTicketWithTgt(KrbClient.java:267)
	at org.apache.kerby.kerberos.tool.kinit.KinitTool.requestTicket(KinitTool.java:161)
	at org.apache.kerby.kerberos.tool.kinit.KinitTool.main(KinitTool.java:229)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
{noformat}

> Use sessionkey or subkey appropriately
> --------------------------------------
>
>                 Key: DIRKRB-472
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-472
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>
> It looks like we need to revisit related codes across client and server to ensure session
key or subkey is used appropriately. The changes should make both MIT Kerberos and Oracle
Java happy conforming to the spec.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message