directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] programmatically creating a keytab file with multiple principals
Date Mon, 05 Aug 2013 13:54:40 GMT
This mail thread[1] should give you an idea about the format, and if you
can file a bug in JIRA[2] and attach your patch, that would be awesome! :)

[1] http://www.mail-archive.com/kerberos@mit.edu/msg10333.html
[2] https://issues.apache.org/jira/browse/DIRKRB


On Mon, Aug 5, 2013 at 7:08 PM, Alejandro Abdelnur <tucu00@gmail.com> wrote:

> I've looked around in the code and the problem seems to be in the
> KeytabEncoder.write()  method:
>
> -----
>     ByteBuffer write( byte[] keytabVersion, List<KeytabEntry> entries )
>     {
>         ByteBuffer buffer = ByteBuffer.allocate( 512 );
>         putKeytabVersion( buffer, keytabVersion );
>         putKeytabEntries( buffer, entries );
>         buffer.flip();
>
>         return buffer;
>     }
> -----
>
> the buffer is hardcoded to 512 when it should take into account the entry
> size.
>
> making the buffer size to be entries.length() * 120 fixes the problem to
> create the keytab, still have to test such keytab.
>
> though I don't know if this is the right approach.
>
> thx
>
>
> On Sun, Aug 4, 2013 at 9:00 PM, Alejandro Abdelnur <tucu00@gmail.com>
> wrote:
>
> > Hi,
> >
> > I'm trying to create a keytab programmatically with multiple principals
> > but it is failing on write with the following error:
> >
> > ------
> > java.nio.BufferOverflowException
> >  at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:182)
> >  at org.apache.directory.server.kerberos.shared.keytab.KeytabEncoder.putKeytabEntries(KeytabEncoder.java:83)
> >  at org.apache.directory.server.kerberos.shared.keytab.KeytabEncoder.write(KeytabEncoder.java:48)
> >  at org.apache.directory.server.kerberos.shared.keytab.Keytab.write(Keytab.java:95)
> >
> > ------
> >
> > If I create the keytab with a single principal it works just fine
> > following is the snippet on the keytab creation.
> >
> > ------
> >   protected void createPrincipal(File keytabFile, String ... principals)
> >       throws Exception {
> >     Keytab keytab = Keytab.getInstance();
> >     List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
> >     for (String principal : principals) {
> >       createPrincipal(principal, "secret");
> >       String orgName = conf.getProperty(ORG_NAME);
> >       String orgDomain = conf.getProperty(ORG_DOMAIN);
> >       String realm = orgName.toUpperCase() + "." + orgDomain.toUpperCase();
> >       principal = principal + "@" + realm;
> >       KerberosTime timestamp = new KerberosTime();
> >       for (Map.Entry<EncryptionType, EncryptionKey> entry : KerberosKeyFactory
> >           .getKerberosKeys(principal, "secret").entrySet()) {
> >         EncryptionKey ekey = entry.getValue();
> >         byte keyVersion = (byte) ekey.getKeyVersion();
> >         entries.add(new KeytabEntry(principal, 1L, timestamp, keyVersion, ekey));
> >       }
> >     }
> >     keytab.setEntries(entries);
> >     keytab.write(keytabFile);
> >   }
> > ------
> >
> > I'd appreciate any hint on how to do this or if it is not possible.
> >
> > Thanks.
> >
> > Alejandro
> >
>



-- 
Kiran Ayyagari
http://keydap.com
