[jira] [Commented] (DIRKRB-472) Use sessionkey or subkey appropriately

Mon, 23 Nov 2015 01:23:22 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRKRB-472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021828#comment-15021828
 ] 

Kai Zheng commented on DIRKRB-472:
----------------------------------

In current codes, when running Kerby client -> MIT KDC, it will throw:
{noformat}
Exception in thread "main" org.apache.kerby.kerberos.kerb.KrbException: 
Integrity check on decrypted field failed
        at 
org.apache.kerby.kerberos.kerb.crypto.enc.KeKiEnc.decryptWith(KeKiEnc.java:127)
        at 
org.apache.kerby.kerberos.kerb.crypto.enc.AbstractEncTypeHandler.decrypt(AbstractEncTypeHandler.java:150)
        at 
org.apache.kerby.kerberos.kerb.crypto.enc.AbstractEncTypeHandler.decrypt(AbstractEncTypeHandler.java:138)
        at 
org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler.decrypt(EncryptionHandler.java:244)
        at 
org.apache.kerby.kerberos.kerb.common.EncryptionUtil.unseal(EncryptionUtil.java:136)
        at 
org.apache.kerby.kerberos.kerb.client.request.TgsRequest.processResponse(TgsRequest.java:82)
        at 
org.apache.kerby.kerberos.kerb.client.KrbHandler.onResponseMessage(KrbHandler.java:113)
        at 
org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:47)
        at 
org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestServiceTicket(DefaultInternalKrbClient.java:86)
        at 
org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestServiceTicket(AbstractInternalKrbClient.java:139)
        at 
org.apache.kerby.kerberos.kerb.client.KrbClient.requestServiceTicketWithTgt(KrbClient.java:267)
        at 
org.apache.kerby.kerberos.tool.kinit.KinitTool.requestTicket(KinitTool.java:161)
        at 
org.apache.kerby.kerberos.tool.kinit.KinitTool.main(KinitTool.java:229)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
{noformat}

> Use sessionkey or subkey appropriately
> --------------------------------------
>
>                 Key: DIRKRB-472
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-472
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>
> It looks like we need to revisit related codes across client and server to 
> ensure session key or subkey is used appropriately. The changes should make 
> both MIT Kerberos and Oracle Java happy conforming to the spec.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to