[ https://issues.apache.org/jira/browse/DIRKRB-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jichao Wang updated DIRKRB-762: ------------------------------- Attachment: kdc-npe.png > The AS request appears with an NPE when preauth_required is set to false > ------------------------------------------------------------------------ > > Key: DIRKRB-762 > URL: https://issues.apache.org/jira/browse/DIRKRB-762 > Project: Directory Kerberos > Issue Type: Bug > Affects Versions: 2.0.0, 2.0.1, 2.0.2 > Reporter: Jichao Wang > Priority: Major > Fix For: 2.0.3 > > Attachments: kdc-npe.png > > > If change the value of preauth_required in the kdc.conf file to false, then > using the following code to access the KDC causes an NPE error. > {code:java} > // Run on JDK8 or JDK11 > public class Test { > public static void main(String[] args) throws Exception { > LoginContext lc = new LoginContext("SampleClient", > new Subject(), > null, > new CustomConfiguration("had...@hadoop.com", > "/root/wjc/hadoop.keytab")); > lc.login(); > System.out.println(lc.getSubject().toString()); > } > } {code} > Here is a fix to the problem: > {code:java} > Index: > kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java > IDEA additional info: > Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP > <+>UTF-8 > =================================================================== > diff --git > a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java > > b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java > --- > a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java > (revision 03784fcde8e94fedbe789606d2f328104c20b33f) > +++ > b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java > (date 1670208307220) > @@ -678,11 +678,13 @@ > } > > PaData preAuthData = request.getPaData(); > - if (isPreauthRequired() && (preAuthData == null || > preAuthData.isEmpty())) { > - LOG.info("The preauth data is empty."); > - KrbError krbError = makePreAuthenticationError(kdcContext, > request, > - KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false); > - throw new KdcRecoverableException(krbError); > + if (isPreauthRequired()) { > + if (preAuthData == null || preAuthData.isEmpty()) { > + LOG.info("The preauth data is empty."); > + KrbError krbError = makePreAuthenticationError(kdcContext, > request, > + KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false); > + throw new KdcRecoverableException(krbError); > + } > } else { > getPreauthHandler().verify(this, preAuthData); > } > {code} > -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org