directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <>
Subject [jira] [Created] (DIRKRB-614) Kerby (simplekdc) errors on extra PADATA send by MIT kvno
Date Sat, 26 Nov 2016 17:50:59 GMT
Bolke de Bruin created DIRKRB-614:

             Summary: Kerby (simplekdc) errors on extra PADATA send by MIT kvno 
                 Key: DIRKRB-614
             Project: Directory Kerberos
          Issue Type: Bug
    Affects Versions: 1.0.0-RC2
         Environment: SimpleKDC 
            Reporter: Bolke de Bruin

I am using simplekdc wrapped in an application to allow CI for Apache Airflow.

While testing I found out that on my development system (OS X - Heimdal with MIT Shim) everything
worked fine, but when moving over to the CI (MIT) system it stopped working with the following

2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error occured while
processing request:
org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
	at org.apache.kerby.kerberos.kerb.KrbCodec.decode(
	at org.apache.kerby.kerberos.kerb.KrbCodec.decode(
	at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(

Digging in with Wireshark showed that the MIT libraries are sending extra PAData which makes
Kerby not respond (Wireshark records this as "Unknown 136"). This behavior can be replicated
by using "kvno". 

Heimdal on OSX does not send this and gets a response.

This message was sent by Atlassian JIRA

View raw message