[jira] [Commented] (DIRKRB-344) Encrypton type negotiation issue between client and KDC

Tue, 07 Jul 2015 20:50:32 -0700 

    [ 
https://issues.apache.org/jira/browse/DIRKRB-344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14617924#comment-14617924
 ] 

Jiajia Li commented on DIRKRB-344:
----------------------------------

Typically, a client starts a conversation by sending an initial request with no 
pre-authentication.  If the KDC requires pre-authentication, then it returns a 
KDC_ERR_PREAUTH_REQUIRED error message with the encyption type list included by 
client and kdc.
commit 9af3d58844c9d07023bfa2c3ff72d790b9344dcd
Author: plusplusjiajia <[email protected]>
Date:   Wed Jul 8 11:46:40 2015 +0800

    [DIRKRB-344]-Encrypton type negotiation issue between client and KDC.

> Encrypton type negotiation issue between client and KDC
> -------------------------------------------------------
>
>                 Key: DIRKRB-344
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-344
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Kai Zheng
>            Assignee: Jiajia Li
>
> When client using an encryption type that's not used by KDC side, it will 
> throw exception because of some related issue in negotiation, like below:
> {noformat}
> KRB error occured while processing request:Additional pre-authentication 
> required
> java.lang.NullPointerException
>       at 
> org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler.decrypt(EncryptionHandler.java:163)
>       at 
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil.unseal(EncryptionUtil.java:135)
>       at 
> org.apache.kerby.kerberos.kerb.server.preauth.builtin.EncTsPreauth.verify(EncTsPreauth.java:48)
>       at 
> org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandle.verify(PreauthHandle.java:46)
>       at 
> org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler.verify(PreauthHandler.java:96)
>       at 
> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.preauth(KdcRequest.java:330)
>       at 
> org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:122)
>       at 
> org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:85)
>       at 
> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.handleMessage(DefaultKdcHandler.java:67)
>       at 
> org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:52)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:745)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to