directory-users mailing list archives

From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: [ApacheDS] Slash domain name inserted when searching for service principal in 1.5.5?
Date Tue, 22 Dec 2009 23:23:11 GMT
Leonardo Graf wrote:
> Hello
>   

Hi,

Can you check that the localhost entry in /etc/hosts does not refer to 
the loopback address (127.0.0.1)? If so, can you add your server IP 
instead?

>  
>
> I'm getting a service ticket from the directory server with this code:
>
>  
>
> GSSManager manager = GSSManager.getInstance();
> final Oid kerberos = new Oid("1.2.840.113554.1.2.2");
> GSSName serverName = manager.createName("leosservice/localhost@EXAMPLE.COM",
> GSSName.NT_HOSTBASED_SERVICE);
> final GSSContext context = manager.createContext( serverName,
>     kerberos, null,
>     GSSContext.DEFAULT_LIFETIME);
>
> Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<byte[]>() {
>
>     public GSSContext run() throws Exception {
>     byte[] token = new byte[0];
>     // This is a one pass context initialisation.
>     context.requestMutualAuth( false);
>     context.requestCredDeleg( false);
>     byte[] serviceTicket = context.initSecContext( token, 0, token.length);
>
>     ...
>
>  
>
> This works nicely, but only if I set the krb5PrincipalName attribute to: leosservice/localhost/example.com@EXAMPLE.COM
>
>  
>
> If I set it to (without the domain name in between): leosservice/localhost@EXAMPLE.COM as I would expect to be correct, the server complains with the following error:
>
>  
>
> [22:46:36] WARN [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - No server entry found for kerberos principal name leosservice/localhost/example.com@EXAMPLE.COM
> [22:46:36] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Server not found in Kerberos database (7)
> org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Server not found in Kerberos database
>  at org.apache.directory.server.kerberos.shared.KerberosUtils.getEntry(KerberosUtils.java:315)
>  at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.getRequestPrincipalEntry(TicketGrantingService.java:310)
>  at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:103)
>  at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
>  at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
>  at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801)
>  at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433)
>  at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425)
>  at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
>  at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
>  at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
>  at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
>  at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>  at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.NullPointerException
>  at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.getEntry(GetPrincipal.java:97)
>  at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.execute(GetPrincipal.java:81)
>  at org.apache.directory.server.kerberos.shared.store.SingleBaseSearch.getPrincipal(SingleBaseSearch.java:63)
>  at org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:71)
>  at org.apache.directory.server.kerberos.shared.KerberosUtils.getEntry(KerberosUtils.java:311)
>  ... 23 more
>
>
>  
>
> Is this expected behaviour or am I doing something wrong?
>
>  
>
> Regards, Leo
>   
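
The name mapping behind the symptom in this thread, as an added example that is not part of the original messages and is not JDK or ApacheDS code: a simplified string model of host-based service syntax (`service@hostname`, RFC 2743) next to Kerberos principal syntax (`name@REALM`). The class, enum and method names are hypothetical, the default realm and the stored `krb5PrincipalName` are taken from the question, and the model skips any host-name resolution a real client may perform.

```java
import java.util.Locale;

public class HostBasedNameModel {
    // KRB5_PRINCIPAL stands for the krb5 principal name type
    // (OID 1.2.840.113554.1.2.2.1, RFC 1964).
    enum NameType { HOSTBASED_SERVICE, KRB5_PRINCIPAL }

    // Simplified model (an assumption, not JDK code) of how a name string
    // becomes the Kerberos principal the KDC is asked to look up.
    static String toPrincipal(String name, NameType type, String defaultRealm) {
        int at = name.lastIndexOf('@');
        if (type == NameType.HOSTBASED_SERVICE) {
            // Host-based syntax: the text after '@' is a host name, not a realm.
            if (at < 0) {
                throw new IllegalArgumentException("model expects service@hostname");
            }
            String service = name.substring(0, at);
            String host = name.substring(at + 1).toLowerCase(Locale.ENGLISH);
            return service + "/" + host + "@" + defaultRealm;
        }
        // Kerberos principal syntax: the text after '@' is the realm.
        return at < 0 ? name + "@" + defaultRealm : name;
    }

    public static void main(String[] args) {
        String realm = "EXAMPLE.COM";                        // from the question
        String stored = "leosservice/localhost@EXAMPLE.COM"; // krb5PrincipalName the poster expected to work
        Object[][] cases = {
            {"leosservice/localhost@EXAMPLE.COM", NameType.HOSTBASED_SERVICE},
            {"leosservice@localhost",             NameType.HOSTBASED_SERVICE},
            {"leosservice/localhost@EXAMPLE.COM", NameType.KRB5_PRINCIPAL},
        };
        for (Object[] c : cases) {
            String principal = toPrincipal((String) c[0], (NameType) c[1], realm);
            System.out.printf("%-34s %-17s -> %-46s %s%n", c[0], c[1], principal,
                    principal.equals(stored) ? "matches entry" : "no matching entry");
        }
    }
}
```
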

