directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2156) ApacheDS issues TGT kerberos ticket with address on IBM java
Date Wed, 29 Jun 2016 05:01:45 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15354545#comment-15354545
] 

Kai Zheng commented on DIRSERVER-2156:
--------------------------------------

Hello [~friler],

Thanks for your reporting and inputs. I thought it would be good to notify you that currently
the very limited community resources on Kerberos direction is focused on the Kerby sub-project,
and I'm not sure whether anybody else has the bandwidth for fixing this up. We probably would
love to accept such fix patch if available, on the other hand.

Hope this helps you some bit.

Regards,
Kai

> ApacheDS issues TGT kerberos ticket with address on IBM java
> ------------------------------------------------------------
>
>                 Key: DIRSERVER-2156
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2156
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M20
>            Reporter: Martin Choma
>         Attachments: IBMJavaIdentityPropagation.log, IBMJavaIdentityPropagation.pcapng,
OracleJavaIdentityPropagation.log, OracleJavaIdentityPropagation.pcapng
>
>
> ApacheDS issues TGT kerberos ticket with address on IBM java , even if
> noaddresses = true is explicitelly set in krb5.conf.
> Address in ticket causing problem, because ApacheDS check address in ticket with address
of connection. And that leads to error "error 38 Incorrect net address"
> I dont see this issue on IBM java and Active Directory, for instance, so I
> think it is not problem of client code.
> Also note that running ApacheDS with openJDK and oracle java I also don't
> see this.
> Only problematic combination is is ApacheDS vs. IBM java 8
> Tested use case is identity propagation / delegation.
> In attachment you can find relevant log with org.apache.directory.server.KERBEROS_LOG
set to DEBUG for oracle and ibm java. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message