directory-users mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Emmanuel Lcharny <elecha...@gmail.com>
Subject	Re: [ApacheDS] Slash domain name inserted when searching for service principal in 1.5.5?
Date	Tue, 22 Dec 2009 23:23:11 GMT
Leonardo Graf a écrit : > Hello > Hi, can you check that the localhost entry in /etc/hosts does not refer to the loopback address (127.0.0.1) ? If so, can you add your server IP instead ? > > > I'm getting a service ticket from the directory server with this code: > > > > GSSManager manager = GSSManager.getInstance(); > final Oid kerberos = new Oid("1.2.840.113554.1.2.2"); > GSSName serverName = manager.createName("leosservice/localhost@EXAMPLE.COM", > GSSName.NT_HOSTBASED_SERVICE); > final GSSContext context = manager.createContext( serverName, > kerberos, null, > GSSContext.DEFAULT_LIFETIME); > > Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<byte[]>() { > > public GSSContext run() throws Exception { > byte[] token = new byte[0]; > // This is a one pass context initialisation. > context.requestMutualAuth( false); > context.requestCredDeleg( false); > byte[] serviceTicket = context.initSecContext( token, 0, token.length); > > ... > > > > This works nicely, but only if I set the krb5PrincipalName attribute to: leosservice/localhost/example.com@EXAMPLE.COM > > > > If I set it to (without the domain name in between): leosservice/localhost@EXAMPLE.COM as I would expect to be correct, the server complains with the following error: > > > > [22:46:36] WARN [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - No server entry found for kerberos principal name leosservice/localhost/example.com@EXAMPLE.COM > [22:46:36] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Server not found in Kerberos database (7) > org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Server not found in Kerberos database > at org.apache.directory.server.kerberos.shared.KerberosUtils.getEntry(KerberosUtils.java:315) > at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.getRequestPrincipalEntry(TicketGrantingService.java:310) > at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:103) > at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158) > at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721) > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433) > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801) > at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) > at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229) > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433) > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801) > at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433) > at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:425) > at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436) > at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407) > at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56) > at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360) > at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) > at java.lang.Thread.run(Unknown Source) > Caused by: java.lang.NullPointerException > at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.getEntry(GetPrincipal.java:97) > at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.execute(GetPrincipal.java:81) > at org.apache.directory.server.kerberos.shared.store.SingleBaseSearch.getPrincipal(SingleBaseSearch.java:63) > at org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:71) > at org.apache.directory.server.kerberos.shared.KerberosUtils.getEntry(KerberosUtils.java:311) > ... 23 more > > > > > Is this expected behaviour or am I doing something wrong? > > > > Regards, Leo > > _________________________________________________________________ > Keep your friends updated—even when you’re not signed in. > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010 >
Mime	Unnamed text/plain (inline, 8-Bit, 5432 bytes)
	View raw message