directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zeng, Frank" <frank.z...@intel.com>
Subject RE: Possible (minor) regression in ClientUtil
Date Fri, 27 Oct 2017 03:05:49 GMT
Hi Colm,

Thanks for your feedback. 

Now kerby gets KDC port from the realm section of krb5.conf by default. If the port is null,
which got from the realm section, kerby will get port from krbSetting.

So I think you can try to configure the KDC string without specify the port of your test KDC,
which belongs to the realm section of krb5.conf, then kerby will use the port set on krbSetting.

Sorry for the late reply.

Regards,
Frank

-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: Thursday, October 26, 2017 6:56 PM
To: kerby@directory.apache.org
Subject: Possible (minor) regression in ClientUtil

Hi all,

I noticed a possible regression in ClientUtil caused by this patch:

commit e0c1998b7d02587d5eb0850730ee8b873dca46ca
Author: plusplusjiajia <jiajia.li@intel.com>
Date:   Thu Sep 14 20:57:33 2017 +0800

    DIRKRB-657 Implement kinit tool to get tgt ticket from remote realm.
Contributed by Frank.

The problem is that ClientUtil.getKDCList we no longer call:

-        kdcList.add(krbSetting.getKdcHost());

instead, we try first to get the address from the realm section of the krb5.conf. The problem
arises if the krb5.conf contains an old port for the KDC, it will use this instead of using
the correctly port contained in krbSetting.getKdcHost().

I ran into the problem as my /etc/krb5.conf contains an old setting for a given realm, and
the test code was picking this port up instead of the port set on krbSetting.

Any thoughts on how to handle this?

Colm.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Mime
View raw message