[jira] [Updated] (DIRKRB-668) Enable KDC backend connect to the HA Zookeeper Cluster
[ https://issues.apache.org/jira/browse/DIRKRB-668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jiajia Li updated DIRKRB-668: - Summary: Enable KDC backend connect to the HA Zookeeper Cluster (was: A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable) > Enable KDC backend connect to the HA Zookeeper Cluster > -- > > Key: DIRKRB-668 > URL: https://issues.apache.org/jira/browse/DIRKRB-668 > Project: Directory Kerberos > Issue Type: Improvement >Affects Versions: 1.0.1 > Environment: jdk1.8 >Reporter: cclive1601 > Fix For: 1.0.1 > > Attachments: > 0001-modify-zk-backend-that-every-kerbey-zkbackend-can-co.patch > > > the zk backend of keryb can only connect one server of the zk list ,which is > not high reliable ,when the contect zk server is down ,this backend can not > work. this is just a little work . > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-668) A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable
[ https://issues.apache.org/jira/browse/DIRKRB-668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16246904#comment-16246904 ] Jiajia Li commented on DIRKRB-668: -- Thanks for your contribution, the patch looks good to me, just one minor issuem with some "Checkstyle violations" in this patch, you can reproduce it through build the project. Could you update the patch to remove the warning? Thanks. > A Zookeeper based high reliable & performance identity backend can just > contact one zk server,which is not hight avaliable and reliable > --- > > Key: DIRKRB-668 > URL: https://issues.apache.org/jira/browse/DIRKRB-668 > Project: Directory Kerberos > Issue Type: Improvement >Affects Versions: 1.0.1 > Environment: jdk1.8 >Reporter: cclive1601 > Fix For: 1.0.1 > > Attachments: > 0001-modify-zk-backend-that-every-kerbey-zkbackend-can-co.patch > > > the zk backend of keryb can only connect one server of the zk list ,which is > not high reliable ,when the contect zk server is down ,this backend can not > work. this is just a little work . > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Needed changes to Kerby as a result of the introduction of the KdcClientRequest
We've been working to make the changes necessitated by the introduction of the KdcClientRequest class and the associated calling parameter changes. Many data items needed by the authorization data backend code are not included in the KdcClientRequest class as defined in the 1.1.0-SNAPSHOT. Modification of this class to include the necessary data items includes a reference to the KrbIdentity class. This creates a circular dependency between the kerb-core project and the kerb-identity project. The circular dependency can be resolved by moving KrbIdentity from kerb-identity to kerb-core. Another suggestion is to more it to kerb-common. And another suggestion is to remove KdcClientRequest from package ….kerb.type.kdc as all other classes in that package are ASN1 classes and this is not. Moving the classes as follows resolves the circular dependency: KdcClientRequest from kerb-core, and KrbIdentity from kerb-identity To kerb-common — package org.apache.kerby.kerberos.kerb.request In addition, a dependency on kerb-common will be added to kerb-identity. Without objection, we’ll move these classes. If there is a better way than this, please suggest. Thanks.
Re: Git migration - server and studio
Le 09/11/2017 à 22:45, Stefan Seelmann a écrit : > On 11/05/2017 03:06 PM, Stefan Seelmann wrote: >> Server and Studio are the next repos. >> >> I created https://issues.apache.org/jira/browse/INFRA-15446 to delete >> existing mirrors. Afterwards I'll create the Git repos in GitBox and >> push the content of the existing Git mirror, including all branches and >> tags. >> >> Please don't commit to Server and Studio meanwhile. > The issue is not yet solved, sorry for that, feel free to commit anyway, > don't want to block you. I'm not blocked. I'm working on Mavibot atm, so all is ok. Thanks for the feedback ! -- Emmanuel Lecharny Symas.com directory.apache.org
Re: Git migration - server and studio
On 11/05/2017 03:06 PM, Stefan Seelmann wrote: > Server and Studio are the next repos. > > I created https://issues.apache.org/jira/browse/INFRA-15446 to delete > existing mirrors. Afterwards I'll create the Git repos in GitBox and > push the content of the existing Git mirror, including all branches and > tags. > > Please don't commit to Server and Studio meanwhile. The issue is not yet solved, sorry for that, feel free to commit anyway, don't want to block you. Kind Regards, Stefan
[jira] [Commented] (DIRSERVER-2213) Importing LDIF via Apache Directory Studio generates error
[
https://issues.apache.org/jira/browse/DIRSERVER-2213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16246482#comment-16246482
]
Emmanuel Lecharny commented on DIRSERVER-2213:
--
The error message is pretty clear : the entry you try to add does not have a
parent. That means there is no entry which DN is
{{cn=bicc_admin,ou=groups,o=gcbipb}}.
That might be due to the LDIF file you try to import : it's not ordered
(parents first, then children, etc).
> Importing LDIF via Apache Directory Studio generates error
> --
>
> Key: DIRSERVER-2213
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2213
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ldap
>Affects Versions: 2.0.0-M23
> Environment: Windows server 2012
>Reporter: Jeremy Jackson
>Priority: Blocker
>
> After installing Apcheds on windows and using Directory Studio to import
> LDIF, I continually receive the following type error messages:
> {noformat}
> # nga-admin, bicc_admin, groups, gcbipb
> #!RESULT ERROR
> #!CONNECTION ldap://160.106.131.42:10389
> #!DATE 2017-11-09T14:08:19.252
> #!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType :
> ADD_REQUEST
> Message ID : 15
> Add Request : Entry
> dn[n]: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: gcbipb-Client
> TenantPrimary: 1000
> cn: Nga Tran
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> subschemaSubentry: cn=schema
> userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D 0x7A 0x74 0x6C 0x6F 0x66 0x7A
> 0x41 0x45 0x55 0x2F ...
> entryUUID: bfcc7260-f921-4a50-9b49-8f2a519bfd6d
> uid: nga-admin
> pwdHistory: 0x32 0x30 0x31 0x37 0x31 0x31 0x30 0x38 0x32 0x31 0x30 0x31 0x30
> 0x33 0x2E 0x31 ...
> TenantSecondary: 9993
> nbSubordinates: 0
> entryParentId: 3a33a4c1-5ad2-46f7-81ba-0653dd943fb4
> nbChildren: 0
> createTimestamp: 20171108210103.102Z
> entryCSN: 20171108210103.102000Z#00#001#00
> sn: Tran
> entryDN: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb
> : ERR_251_PARENT_NOT_FOUND Parent cn=bicc_admin,ou=groups,o=gcbipb not found]
> {noformat}
> .
> I'm trying to create a backup and restore procedure, but I'm unable to import
> an exported ldif file.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (DIRSERVER-2213) Importing LDIF via Apache Directory Studio generates error
[
https://issues.apache.org/jira/browse/DIRSERVER-2213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny updated DIRSERVER-2213:
-
Description:
After installing Apcheds on windows and using Directory Studio to import LDIF,
I continually receive the following type error messages:
{noformat}
# nga-admin, bicc_admin, groups, gcbipb
#!RESULT ERROR
#!CONNECTION ldap://160.106.131.42:10389
#!DATE 2017-11-09T14:08:19.252
#!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType :
ADD_REQUEST
Message ID : 15
Add Request : Entry
dn[n]: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: gcbipb-Client
TenantPrimary: 1000
cn: Nga Tran
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
subschemaSubentry: cn=schema
userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D 0x7A 0x74 0x6C 0x6F 0x66 0x7A 0x41
0x45 0x55 0x2F ...
entryUUID: bfcc7260-f921-4a50-9b49-8f2a519bfd6d
uid: nga-admin
pwdHistory: 0x32 0x30 0x31 0x37 0x31 0x31 0x30 0x38 0x32 0x31 0x30 0x31 0x30
0x33 0x2E 0x31 ...
TenantSecondary: 9993
nbSubordinates: 0
entryParentId: 3a33a4c1-5ad2-46f7-81ba-0653dd943fb4
nbChildren: 0
createTimestamp: 20171108210103.102Z
entryCSN: 20171108210103.102000Z#00#001#00
sn: Tran
entryDN: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb
: ERR_251_PARENT_NOT_FOUND Parent cn=bicc_admin,ou=groups,o=gcbipb not found]
{noformat}
.
I'm trying to create a backup and restore procedure, but I'm unable to import
an exported ldif file.
was:
After installing Apcheds on windows and using Directory Studio to import LDIF,
I continually receive the following type error messages:
# nga-admin, bicc_admin, groups, gcbipb
#!RESULT ERROR
#!CONNECTION ldap://160.106.131.42:10389
#!DATE 2017-11-09T14:08:19.252
#!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType :
ADD_REQUEST Message ID : 15 Add Request : Entry dn[n]:
uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb objectClass: top
objectClass: person objectClass: organizationalPerson objectClass:
inetOrgPerson objectClass: gcbipb-Client TenantPrimary: 1000 cn:
Nga Tran creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
subschemaSubentry: cn=schema userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D
0x7A 0x74 0x6C 0x6F 0x66 0x7A 0x41 0x45 0x55 0x2F ... entryUUID:
bfcc7260-f921-4a50-9b49-8f2a519bfd6d uid: nga-admin pwdHistory: 0x32
0x30 0x31 0x37 0x31 0x31 0x30 0x38 0x32 0x31 0x30 0x31 0x30 0x33 0x2E 0x31 ...
TenantSecondary: 9993 nbSubordinates: 0 entryParentId:
3a33a4c1-5ad2-46f7-81ba-0653dd943fb4 nbChildren: 0 createTimestamp:
20171108210103.102Z entryCSN: 20171108210103.102000Z#00#001#00
sn: Tran entryDN: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb :
ERR_251_PARENT_NOT_FOUND Parent cn=bicc_admin,ou=groups,o=gcbipb not found]
.
I'm trying to create a backup and restore procedure, but I'm unable to import
an exported ldif file.
> Importing LDIF via Apache Directory Studio generates error
> --
>
> Key: DIRSERVER-2213
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2213
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ldap
>Affects Versions: 2.0.0-M23
> Environment: Windows server 2012
>Reporter: Jeremy Jackson
>Priority: Blocker
>
> After installing Apcheds on windows and using Directory Studio to import
> LDIF, I continually receive the following type error messages:
> {noformat}
> # nga-admin, bicc_admin, groups, gcbipb
> #!RESULT ERROR
> #!CONNECTION ldap://160.106.131.42:10389
> #!DATE 2017-11-09T14:08:19.252
> #!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType :
> ADD_REQUEST
> Message ID : 15
> Add Request : Entry
> dn[n]: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: gcbipb-Client
> TenantPrimary: 1000
> cn: Nga Tran
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> subschemaSubentry: cn=schema
> userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D 0x7A 0x74 0x6C 0x6F 0x66 0x7A
> 0x41 0x45 0x55 0x2F ...
> entryUUID: bfcc7260-f921-4a50-9b49-8f2a519bfd6d
> uid: nga-admin
> pwdHistory: 0x32 0x30 0x31 0x37 0x31 0x31 0x30 0x38 0x32 0x31 0x30 0x31 0x30
> 0x33 0x2E 0x31 ...
> TenantSecondary: 9993
> nbSubordinates: 0
> entryParentId: 3a33a4c1-5ad2-46f7-81ba-0653dd943fb4
> nbChildren: 0
> createTimestamp:
[jira] [Created] (DIRSERVER-2213) Importing LDIF via Apache Directory Studio generates error
Jeremy Jackson created DIRSERVER-2213: - Summary: Importing LDIF via Apache Directory Studio generates error Key: DIRSERVER-2213 URL: https://issues.apache.org/jira/browse/DIRSERVER-2213 Project: Directory ApacheDS Issue Type: Bug Components: ldap Affects Versions: 2.0.0-M23 Environment: Windows server 2012 Reporter: Jeremy Jackson Priority: Blocker After installing Apcheds on windows and using Directory Studio to import LDIF, I continually receive the following type error messages: # nga-admin, bicc_admin, groups, gcbipb #!RESULT ERROR #!CONNECTION ldap://160.106.131.42:10389 #!DATE 2017-11-09T14:08:19.252 #!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType : ADD_REQUEST Message ID : 15 Add Request : Entry dn[n]: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: gcbipb-Client TenantPrimary: 1000 cn: Nga Tran creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system subschemaSubentry: cn=schema userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D 0x7A 0x74 0x6C 0x6F 0x66 0x7A 0x41 0x45 0x55 0x2F ... entryUUID: bfcc7260-f921-4a50-9b49-8f2a519bfd6d uid: nga-admin pwdHistory: 0x32 0x30 0x31 0x37 0x31 0x31 0x30 0x38 0x32 0x31 0x30 0x31 0x30 0x33 0x2E 0x31 ... TenantSecondary: 9993 nbSubordinates: 0 entryParentId: 3a33a4c1-5ad2-46f7-81ba-0653dd943fb4 nbChildren: 0 createTimestamp: 20171108210103.102Z entryCSN: 20171108210103.102000Z#00#001#00 sn: Tran entryDN: uid=nga-admin,cn=bicc_admin,ou=groups,o=gcbipb : ERR_251_PARENT_NOT_FOUND Parent cn=bicc_admin,ou=groups,o=gcbipb not found] . I'm trying to create a backup and restore procedure, but I'm unable to import an exported ldif file. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (DIRKRB-520) Fix findbugs issuse in Kerby ASN1, Kerby Config and Kerby PKIX
[
https://issues.apache.org/jira/browse/DIRKRB-520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh reassigned DIRKRB-520:
--
Assignee: Colm O hEigeartaigh (was: YanYan)
> Fix findbugs issuse in Kerby ASN1, Kerby Config and Kerby PKIX
> --
>
> Key: DIRKRB-520
> URL: https://issues.apache.org/jira/browse/DIRKRB-520
> Project: Directory Kerberos
> Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: YanYan
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
>
> When the source code is built with findbugs, there are some bugs in {{Kerby
> ASN1}}, {{Kerby Config}} and {{Kerby PKIX}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Resolved] (DIRKRB-520) Fix findbugs issuse in Kerby ASN1, Kerby Config and Kerby PKIX
[
https://issues.apache.org/jira/browse/DIRKRB-520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved DIRKRB-520.
Resolution: Fixed
> Fix findbugs issuse in Kerby ASN1, Kerby Config and Kerby PKIX
> --
>
> Key: DIRKRB-520
> URL: https://issues.apache.org/jira/browse/DIRKRB-520
> Project: Directory Kerberos
> Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: YanYan
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
>
> When the source code is built with findbugs, there are some bugs in {{Kerby
> ASN1}}, {{Kerby Config}} and {{Kerby PKIX}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (DIRKRB-520) Fix findbugs issuse in Kerby ASN1, Kerby Config and Kerby PKIX
[
https://issues.apache.org/jira/browse/DIRKRB-520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated DIRKRB-520:
---
Fix Version/s: 1.1.0
> Fix findbugs issuse in Kerby ASN1, Kerby Config and Kerby PKIX
> --
>
> Key: DIRKRB-520
> URL: https://issues.apache.org/jira/browse/DIRKRB-520
> Project: Directory Kerberos
> Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: YanYan
>Assignee: YanYan
> Fix For: 1.1.0
>
>
> When the source code is built with findbugs, there are some bugs in {{Kerby
> ASN1}}, {{Kerby Config}} and {{Kerby PKIX}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Resolved] (DIRKRB-98) NPE in KerberosProtocolHandler while handling pre-auth
[ https://issues.apache.org/jira/browse/DIRKRB-98?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved DIRKRB-98. --- Resolution: Duplicate > NPE in KerberosProtocolHandler while handling pre-auth > -- > > Key: DIRKRB-98 > URL: https://issues.apache.org/jira/browse/DIRKRB-98 > Project: Directory Kerberos > Issue Type: Bug > Environment: Thi issue is reproducible on 2.0.0-M15 (not selectable > in Affects Version/s field). >Reporter: Dominik Pospisil >Assignee: Emmanuel Lecharny > > I am getting NPEs after upgrading from M7 to M15 in timestamp pre-auth: > 10:18:21,431 ERROR [org.apache.directory.server.KERBEROS_LOG] > (NioDatagramAcceptor-1) No timestamp found > 10:18:21,436 WARN > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] > (NioDatagramAcceptor-1) Additional pre-authentication required (25) > 10:18:21,436 WARN [org.apache.directory.server.KERBEROS_LOG] > (NioDatagramAcceptor-1) Additional pre-authentication required (25) > 10:18:21,511 ERROR > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] > (NioDatagramAcceptor-1) ERR_152 Unexpected exception: null: > java.lang.NullPointerException > at > org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine.removeLeadingBytes(EncryptionEngine.java:155) > at > org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1KdEncryption.getDecryptedData(Des3CbcSha1KdEncryption.java:111) > at > org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler.decrypt(CipherTextHandler.java:121) > at > org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:335) > at > org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:126) > at > org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:206) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765) > at > org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:407) > at > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765) > at > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:701) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:670) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$800(AbstractPollingConnectionlessIoAcceptor.java:61) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:607) > at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:744) -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (DIRKRB-98) NPE in KerberosProtocolHandler while handling pre-auth
[ https://issues.apache.org/jira/browse/DIRKRB-98?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed DIRKRB-98. - > NPE in KerberosProtocolHandler while handling pre-auth > -- > > Key: DIRKRB-98 > URL: https://issues.apache.org/jira/browse/DIRKRB-98 > Project: Directory Kerberos > Issue Type: Bug > Environment: Thi issue is reproducible on 2.0.0-M15 (not selectable > in Affects Version/s field). >Reporter: Dominik Pospisil >Assignee: Emmanuel Lecharny > > I am getting NPEs after upgrading from M7 to M15 in timestamp pre-auth: > 10:18:21,431 ERROR [org.apache.directory.server.KERBEROS_LOG] > (NioDatagramAcceptor-1) No timestamp found > 10:18:21,436 WARN > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] > (NioDatagramAcceptor-1) Additional pre-authentication required (25) > 10:18:21,436 WARN [org.apache.directory.server.KERBEROS_LOG] > (NioDatagramAcceptor-1) Additional pre-authentication required (25) > 10:18:21,511 ERROR > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] > (NioDatagramAcceptor-1) ERR_152 Unexpected exception: null: > java.lang.NullPointerException > at > org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine.removeLeadingBytes(EncryptionEngine.java:155) > at > org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1KdEncryption.getDecryptedData(Des3CbcSha1KdEncryption.java:111) > at > org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler.decrypt(CipherTextHandler.java:121) > at > org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:335) > at > org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:126) > at > org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:206) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765) > at > org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:407) > at > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765) > at > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:701) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:670) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$800(AbstractPollingConnectionlessIoAcceptor.java:61) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:607) > at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:744) -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-361) Rework kerby kdc start script
[ https://issues.apache.org/jira/browse/DIRKRB-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245668#comment-16245668 ] Colm O hEigeartaigh commented on DIRKRB-361: Can this issue be closed? > Rework kerby kdc start script > - > > Key: DIRKRB-361 > URL: https://issues.apache.org/jira/browse/DIRKRB-361 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Kai Zheng >Assignee: Kai Zheng > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-365) Rework kadmin script for *nix
[ https://issues.apache.org/jira/browse/DIRKRB-365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245667#comment-16245667 ] Colm O hEigeartaigh commented on DIRKRB-365: Can this issue be fixed? > Rework kadmin script for *nix > - > > Key: DIRKRB-365 > URL: https://issues.apache.org/jira/browse/DIRKRB-365 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Kai Zheng >Assignee: Kai Zheng > Fix For: 2.0.0-RC1 > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (DIRKRB-123) Implementing cross-realm support
[ https://issues.apache.org/jira/browse/DIRKRB-123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated DIRKRB-123: --- Fix Version/s: (was: 2.0.0-RC1) 1.1.0 > Implementing cross-realm support > > > Key: DIRKRB-123 > URL: https://issues.apache.org/jira/browse/DIRKRB-123 > Project: Directory Kerberos > Issue Type: Sub-task >Reporter: Kai Zheng > Fix For: 1.1.0 > > > This is going to implement the cross-realm support, which can be used to > build trust relationship with MIT Kerberos KDC or MS AD. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (DIRKRB-123) Implementing cross-realm support
[ https://issues.apache.org/jira/browse/DIRKRB-123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved DIRKRB-123. Resolution: Fixed > Implementing cross-realm support > > > Key: DIRKRB-123 > URL: https://issues.apache.org/jira/browse/DIRKRB-123 > Project: Directory Kerberos > Issue Type: Sub-task >Reporter: Kai Zheng > Fix For: 1.1.0 > > > This is going to implement the cross-realm support, which can be used to > build trust relationship with MIT Kerberos KDC or MS AD. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-366) Rework kinit script for *nix
[ https://issues.apache.org/jira/browse/DIRKRB-366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245636#comment-16245636 ] Colm O hEigeartaigh commented on DIRKRB-366: Can this issue be closed? > Rework kinit script for *nix > > > Key: DIRKRB-366 > URL: https://issues.apache.org/jira/browse/DIRKRB-366 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Kai Zheng >Assignee: Kai Zheng > Fix For: 2.0.0-RC1 > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (DIRKRB-248) Kerby's kinit supports MIT's KDC
[ https://issues.apache.org/jira/browse/DIRKRB-248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved DIRKRB-248. Resolution: Fixed > Kerby's kinit supports MIT's KDC > > > Key: DIRKRB-248 > URL: https://issues.apache.org/jira/browse/DIRKRB-248 > Project: Directory Kerberos > Issue Type: Sub-task >Reporter: Jiajia Li >Assignee: Wei Zhou > > Using Kerby's kinit in MIT's KDC. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (DIRKRB-667) Kerby and Tool distributions are lacking required jars
[ https://issues.apache.org/jira/browse/DIRKRB-667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved DIRKRB-667. Resolution: Fixed > Kerby and Tool distributions are lacking required jars > -- > > Key: DIRKRB-667 > URL: https://issues.apache.org/jira/browse/DIRKRB-667 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.1 >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0, 1.0.2 > > Attachments: DIRKRB-667.patch > > > The Kerby and Tool distributions are lacking required jars due to excluding > transitive dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-667) Kerby and Tool distributions are lacking required jars
[ https://issues.apache.org/jira/browse/DIRKRB-667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245550#comment-16245550 ] Kai Zheng commented on DIRKRB-667: -- The patch looks good to me and I also agree we can remove the mentioned two deps from kdc-dist. We can double check this change doing integration tests when doing the 1.1.0 release. Thanks Colm. > Kerby and Tool distributions are lacking required jars > -- > > Key: DIRKRB-667 > URL: https://issues.apache.org/jira/browse/DIRKRB-667 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.1 >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0, 1.0.2 > > Attachments: DIRKRB-667.patch > > > The Kerby and Tool distributions are lacking required jars due to excluding > transitive dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (DIRKRB-668) A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable
[ https://issues.apache.org/jira/browse/DIRKRB-668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] cclive1601 updated DIRKRB-668: -- Attachment: 0001-modify-zk-backend-that-every-kerbey-zkbackend-can-co.patch > A Zookeeper based high reliable & performance identity backend can just > contact one zk server,which is not hight avaliable and reliable > --- > > Key: DIRKRB-668 > URL: https://issues.apache.org/jira/browse/DIRKRB-668 > Project: Directory Kerberos > Issue Type: Improvement >Affects Versions: 1.0.1 > Environment: jdk1.8 >Reporter: cclive1601 > Fix For: 1.0.1 > > Attachments: > 0001-modify-zk-backend-that-every-kerbey-zkbackend-can-co.patch > > > the zk backend of keryb can only connect one server of the zk list ,which is > not high reliable ,when the contect zk server is down ,this backend can not > work. this is just a little work . > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (DIRKRB-668) A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable
[ https://issues.apache.org/jira/browse/DIRKRB-668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] cclive1601 updated DIRKRB-668: -- Description: the zk backend of keryb can only connect one server of the zk list ,which is not high reliable ,when the contect zk server is down ,this backend can not work. this is just a little work . was: the zk backend of keryb can only connect one server of the zk list ,which is not high reliable ,when the contect zk server is down ,this backend can not work. this is just a little work . > A Zookeeper based high reliable & performance identity backend can just > contact one zk server,which is not hight avaliable and reliable > --- > > Key: DIRKRB-668 > URL: https://issues.apache.org/jira/browse/DIRKRB-668 > Project: Directory Kerberos > Issue Type: Improvement >Affects Versions: 1.0.1 > Environment: jdk1.8 >Reporter: cclive1601 > Fix For: 1.0.1 > > > the zk backend of keryb can only connect one server of the zk list ,which is > not high reliable ,when the contect zk server is down ,this backend can not > work. this is just a little work . > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (DIRKRB-668) A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable
[ https://issues.apache.org/jira/browse/DIRKRB-668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] cclive1601 updated DIRKRB-668: -- Affects Version/s: 1.0.1 > A Zookeeper based high reliable & performance identity backend can just > contact one zk server,which is not hight avaliable and reliable > --- > > Key: DIRKRB-668 > URL: https://issues.apache.org/jira/browse/DIRKRB-668 > Project: Directory Kerberos > Issue Type: Improvement >Affects Versions: 1.0.1 > Environment: jdk1.8 >Reporter: cclive1601 > Fix For: 1.0.1 > > > the zk backend of keryb can only connect one server of the zk list ,which is > not high reliable ,when the contect zk server is down ,this backend can not > work. this is just a little work . > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (DIRKRB-668) A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable
cclive1601 created DIRKRB-668: - Summary: A Zookeeper based high reliable & performance identity backend can just contact one zk server,which is not hight avaliable and reliable Key: DIRKRB-668 URL: https://issues.apache.org/jira/browse/DIRKRB-668 Project: Directory Kerberos Issue Type: Improvement Environment: jdk1.8 Reporter: cclive1601 Fix For: 1.0.1 the zk backend of keryb can only connect one server of the zk list ,which is not high reliable ,when the contect zk server is down ,this backend can not work. this is just a little work . -- This message was sent by Atlassian JIRA (v6.4.14#64029)
