[ https://issues.apache.org/jira/browse/DIRKRB-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned DIRKRB-762: ------------------------------------------ Assignee: Colm O hEigeartaigh > The AS request appears with an NPE when preauth_required is set to false > ------------------------------------------------------------------------ > > Key: DIRKRB-762 > URL: https://issues.apache.org/jira/browse/DIRKRB-762 > Project: Directory Kerberos > Issue Type: Bug > Affects Versions: 2.0.0, 2.0.1, 2.0.2 > Reporter: Jichao Wang > Assignee: Colm O hEigeartaigh > Priority: Major > Fix For: 2.0.3 > > Attachments: kdc-npe.png > > Time Spent: 20m > Remaining Estimate: 0h > > If change the value of preauth_required in the kdc.conf file to false, then > using the following code to access the KDC causes an NPE error. > * Test.java > {code:java} > // Test.java Run on JDK8 or JDK11 > public class Test { > public static void main(String[] args) throws Exception { > System.setProperty("java.security.krb5.realm", "HADOOP.COM"); > System.setProperty("java.security.krb5.kdc", "wslhost"); > LoginContext lc = new LoginContext("SampleClient", > new Subject(), > null, > new CustomConfiguration("had...@hadoop.com", > "/root/wjc/hadoop.keytab")); > lc.login(); > System.out.println(lc.getSubject().toString()); > } > } {code} > * > CustomConfiguration.java > {code:java} > import javax.security.auth.login.AppConfigurationEntry; > import java.util.HashMap; > import java.util.Map; > class CustomConfiguration > extends javax.security.auth.login.Configuration { > private static final Map<String, String> BASIC_JAAS_OPTIONS = > new HashMap<String, String>(); > private static final Map<String, String> KEYTAB_KERBEROS_OPTIONS = > new HashMap<String, String>(); > private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN = > new > AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", > AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, > KEYTAB_KERBEROS_OPTIONS); > private static final AppConfigurationEntry[] KEYTAB_KERBEROS_CONF = > new AppConfigurationEntry[]{KEYTAB_KERBEROS_LOGIN}; > static { > KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true"); > KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true"); > KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true"); > KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true"); > KEYTAB_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS); > } > private String keytabPrincipal; > private String keytabFile; > public CustomConfiguration(String keytabPrincipal, String keytabFile) { > this.keytabPrincipal = keytabPrincipal; > this.keytabFile = keytabFile; > } > private CustomConfiguration() { > } > public String getKeytabFile() { > return keytabFile; > } > public String getKeytabPrincipal() { > return keytabPrincipal; > } > @Override > public AppConfigurationEntry[] getAppConfigurationEntry(String appName) { > KEYTAB_KERBEROS_OPTIONS.put("keyTab", keytabFile); > KEYTAB_KERBEROS_OPTIONS.put("principal", keytabPrincipal); > return KEYTAB_KERBEROS_CONF; > } > } {code} > Kerberos client error information is as follows: > {code:java} > Exception in thread "main" javax.security.auth.login.LoginException: null > (5001) > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:781) > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) > at > java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) > at > java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) > at > java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) > at java.base/java.security.AccessController.doPrivileged(Native Method) > at > java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) > at > java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) > at org.example.Main.main(Main.java:14) > Caused by: KrbException: null (5001) > at java.security.jgss/sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76) > at > java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326) > at > java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371) > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:753) > ... 8 more > Caused by: KrbException: Identifier doesn't match expected value (906) > at > java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) > at java.security.jgss/sun.security.krb5.internal.ASRep.init(ASRep.java:64) > at > java.security.jgss/sun.security.krb5.internal.ASRep.<init>(ASRep.java:59) > at java.security.jgss/sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60) > ... 11 more {code} > The position where NPE occurs on kerby-kdc is as follows: > !kdc-npe.png! -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org