directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Choma <martin.ch...@gmail.com>
Subject Re: ApacheDS issues TGT kerberos ticket with address on IBM java
Date Tue, 28 Jun 2016 13:44:18 GMT
I have created https://issues.apache.org/jira/browse/DIRSERVER-2156 as you
suggest. There really is address send in TGS-REQ for krbtgt. Is there way
we can workaround this behaviour? Is it bug in ibm java ignoring
noaddresses = true flag? Is it possible to configure ApacheDS not to issue
ticket with address or skip network address check?


On 28 June 2016 at 07:45, Martin Choma <martin.choma@gmail.com> wrote:

> Hi,
>
> ApacheDS issues TGT kerberos ticket with address on IBM java , even if
> noaddresses = true is explicitelly set in krb5.conf.
>
> Address in ticket causing problem, because ApacheDS check address in
> ticket with address of connection. And that leads to error "error 38
> Incorrect net address"
>
> I dont see this issue on IBM java and Active Directory, for instance, so I
> think it is not problem of client code.
>
> Also note that running ApacheDS with openJDK and oracle java I also don't
> see this.
>
> Only problematic combination is is ApacheDS vs. IBM java 8
>
> Tested use case is identity propagation / delegation.
>
> Any ideas?
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message