directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: KDC is rejecting my TGS
Date Mon, 23 Nov 2015 09:22:53 GMT
With above fixup, I hit another issue that Kerby client failed to decrypt the TGS-REP.

I got it work in my setup but I can't commit the codes because there're more cases to be investigated.
Ref. the issue 
https://issues.apache.org/jira/browse/DIRKRB-472

Marc, 
if you'd just go on with your case, please make the following change and try.
In client side TgsRequest.java: processResponse(), use KeyUsage.TGS_REP_ENCPART_SUBKEY.

-----Original Message-----
From: Zheng, Kai [mailto:kai.zheng@intel.com] 
Sent: Monday, November 23, 2015 2:21 PM
To: kerby@directory.apache.org
Subject: RE: KDC is rejecting my TGS

Fired and resolved the following issue to track the authenticator issue we're handling.
Will setup a box to test: Kerby client -> MIT KDC (in service ticket path)

commit df6ba15d4f990b104efcf36ede913f4eeb09a872
Author: Drankye <drankye@gmail.com>
Date:   Tue Nov 24 14:16:32 2015 +0800

    DIRKRB-469 & DIRKRB-470 setting vno & cksum fields when making authenticator

-----Original Message-----
From: Marc Boorshtein [mailto:mboorshtein@gmail.com]
Sent: Monday, November 23, 2015 11:30 AM
To: kerby@directory.apache.org
Subject: RE: KDC is rejecting my TGS

ah. That would do it :) sounds like we are getting close!

Thanks
Marc
On Nov 22, 2015 10:27 PM, "Zheng, Kai" <kai.zheng@intel.com> wrote:

> OK, forget it. I just checked the codes, and found the checksum isn't 
> done and filled in authenticator. I will get it fixed ASAP.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Marc Boorshtein [mailto:mboorshtein@gmail.com]
> Sent: Monday, November 23, 2015 11:24 AM
> To: kerby@directory.apache.org
> Subject: RE: KDC is rejecting my TGS
>
> >
> > Cool!! Thanks a lot for getting the hard issue figured out.
> >
>
> My pleasure. I'm glad I'm making progress.
>
> > I'm looking at the checksum issue, and trying to go into the context.
> > Did
> you try the usage value of 10 or 6? Could you give me a snapshot of 
> the stacktrace (or call stack) so I can know sooner about the context? Thanks.
>
> I haven't yet. I've shutdown for the night but the there really isn't 
> a stack trace because MIT is returning a kerberos generic error (with 
> the accompanying log messages I sent over). I wanted to make sure I 
> was reading the code properly before I started trying things since MIT 
> isn't giving me the best error messages.  I'll give it a go tomorrow.
>
> Thanks
> Marc
>
Mime
View raw message