directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: How to request a forwardable ticket?
Date Wed, 18 Nov 2015 03:09:59 GMT
Ok, see. Looks like KrbOption.FORWARDABLE in request options isn't passed down to KdcOptions
for the final AsReq. 
Will take a look and possible fix it soon.

-----Original Message-----
From: Marc Boorshtein [mailto:mboorshtein@gmail.com] 
Sent: Wednesday, November 18, 2015 10:43 AM
To: kerby@directory.apache.org
Subject: Re: How to request a forwardable ticket?

Thanks Kai, I'm having the same issue with the latest code.  Here's the pull log:

emote: Counting objects: 467, done.
remote: Compressing objects: 100% (70/70), done.
remote: Total 143 (delta 47), reused 0 (delta 0) Receiving objects: 100% (143/143), 12.23
KiB | 0 bytes/s, done.
Resolving deltas: 100% (47/47), completed with 35 local objects.
From https://git1-us-west.apache.org/repos/asf/directory-kerby
   955a845..d18ad29  master     -> origin/master
Updating 955a845..d18ad29
Fast-forward
 .../zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
|   8 +--
 kerby-config/src/main/java/org/apache/kerby/config/Conf.java
                                     |  48 +++++++++---------  kerby-config/src/main/java/org/apache/kerby/config/Config.java
                                     |  35 +++++++------  kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
                                     |  71 +++++++++++++++-----------  kerby-config/src/test/java/org/apache/kerby/config/ConfTest.java
                                     |  11 ++--  kerby-dist/kdc-dist/assembly.xml
                                     |   2 +
 kerby-dist/tool-dist/assembly.xml
                                      |   2 +
 kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
                      |  43 ++++++++++------  kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
                   |   2 +-
 kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
 |   8 +++
 kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
              |  10 ++--
 .../kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoadWithDefaultRealm.java
     |  45 +++++++++++++++++
 kerby-kerb/kerb-client/src/test/resources/krb5-kdcrealm.conf
                                     |  19 +++++++  kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
                  |  17 ++++---
 kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestAsReqCodec.java
               |   3 +-
 kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsReqCodec.java
              |   5 +-
 kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbFlags.java
                      |  28 ++++++-----
 kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/spec/base/KrbFlagsTest.java
                  | 155
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
                      |  44 +++++++++-------  kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcUtil.java
                        |   2 +-
 20 files changed, 420 insertions(+), 138 deletions(-)  create mode 100644 kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoadWithDefaultRealm.java
 create mode 100644
kerby-kerb/kerb-client/src/test/resources/krb5-kdcrealm.conf
 create mode 100644
kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/spec/base/KrbFlagsTest.java


On Tue, Nov 17, 2015 at 9:32 PM, Zheng, Kai <kai.zheng@intel.com> wrote:

> Hi Marc,
>
> There're recent contribution fixes related to this from Steve. Would 
> you checkout and update to the latest codes?
>
> commit c3c778f3af0fe2a187c10447682bf12b9bed7c6d
> Author: plusplusjiajia <jiajia.li@intel.com>
> Date:   Tue Nov 17 15:08:59 2015 +0800
>
>     DIRKRB-449 Fix the bit manipulation functions in KrbFlags. 
> Contributed by Steve.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Marc Boorshtein [mailto:mboorshtein@gmail.com]
> Sent: Wednesday, November 18, 2015 10:27 AM
> To: kerby@directory.apache.org
> Subject: How to request a forwardable ticket?
>
> I can't seem to workout how to specify any options for a ticket.  For 
> s4u the TGT and SGTs need to be forwardable.  Here's my code so far:
>
> KOptions requestOptions = new KOptions();
>
>         requestOptions.add(KrbOption.CLIENT_PRINCIPAL,
> "HTTP/s4u.rhelent.lan@RHELENT.LAN");
>
>         requestOptions.add(KrbOption.USE_KEYTAB, true);
>
>         requestOptions.add(KrbOption.KEYTAB_FILE, new File( 
> "/Users/mlb/Documents/localdev.keytab"));
>
>         requestOptions.add(KrbOption.FORWARDABLE,true);
>
> TgtTicket tgt = kerb.requestTgtWithOptions(requestOptions);
>
> Looking at the code it doesn't look like the options are ever picked up.
> Any thoughts on how to set the forwardable flag?
>
> Thanks
>
> Marc
>
Mime
View raw message