; cohei...@apache.org
Cc: Apache Directory Developers List
Subject: RE: Kerby GSS tests?
>> Will we also be supporting it for the Default case as opposed to the Netty
>> case?
Sure, we will.
>> there is no validation of the service ticket. I will add this in
That's great.
ramework.
Regards,
Kai
-Original Message-
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 29, 2015 8:50 PM
To: Zheng, Kai
Cc: ke...@directory.apache.org; Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Cool, I'll try out the UDP support. W
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, April 29, 2015 6:38 PM
> To: ke...@directory.apache.org
> Cc: Apache Directory Developers List
> Subject: Re: Kerby GSS tests?
>
> Ok done!
hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 29, 2015 6:38 PM
To: ke...@directory.apache.org
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Ok done!
Repository: directory-kerby
Updated Branches:
refs/heads/master e452f1854 -> eb2e4c1ae
Adding a GSS unit t
> Regards,
> Kai
>
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, April 27, 2015 6:46 PM
> To: Zheng, Kai
> Cc: Apache Directory Developers List
> Subject: Re: Kerby GSS tests?
>
>
> Thanks, everything is working now :-) The remaining issue is
tSetting().getKdcConfig().setString(KdcConfigKey.TGS_PRINCIPAL,
>
> - "krbtgt/
> service.ws.apache@service.ws.apache.org");
>
> -
>
> +
>
> // Create principals
>
> String alice
at: 2015-04-24T15:56:40+08:00
>
> [INFO] Final Memory: 13M/262M
>
> [INFO]
>
>
> [drankye@zkdesk cxf-kerberos-kerby]$
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Th
ook
> at it tomorrow, kinds of tired now. Thanks for your patience!
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Thursday, April 23, 2015 9:01 PM
>
> *To:* Zheng, Kai
> *Cc:* Apache Directory Developers Li
gt; *Sent:* Thursday, April 23, 2015 7:50 PM
>
> *To:* Apache Directory Developers List; cohei...@apache.org
> *Subject:* RE: Kerby GSS tests?
>
>
>
> Would you have a try with this? I will double check what’s the correct
> way. Thanks.
>
>
>
> @@ -281,7 +281,7
rds,
>
> Kai
>
>
>
> *From:* Zheng, Kai [mailto:kai.zh...@intel.com]
> *Sent:* Thursday, April 23, 2015 7:10 PM
>
> *To:* cohei...@apache.org
> *Cc:* Apache Directory Developers List
> *Subject:* RE: Kerby GSS tests?
>
>
>
> Yes you’re right. I’m working o
]
Sent: Thursday, April 23, 2015 7:25 PM
To: Apache Directory Developers List; cohei...@apache.org
Subject: RE: Kerby GSS tests?
Colm would you check the latest fix? Just committed, though I’m not perfectly
sure. It may has some other issues, but will check some time later, when having
tests in hand
Cc: Apache Directory Developers List
Subject: RE: Kerby GSS tests?
Yes you’re right. I’m working on a fix. Will let you know soon.
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Thursday, April 23, 2015 7:09 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Yes you’re right. I’m working on a fix. Will let you know soon.
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Thursday, April 23, 2015 7:09 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
The first time we hit "issueTicket
e service ticket.
> Would you debug into the issueTicket() in KdcRequest and check what cname
> is set into the field?
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Thursday, April 23, 2015 6:43 PM
>
>
Request and check what cname is set into the
field?
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Thursday, April 23, 2015 6:43 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Ok I've figured out what the problem was. I was c
1)
Any ideas?
Colm.
On Thu, Apr 23, 2015 at 10:53 AM, Zheng, Kai wrote:
> It may be caused by bad backend? What’s backend you used? I thought two
> keys should be the same anyway.
>
>
>
> *From:* Zheng, Kai
> *Sent:* Thursday, April 23, 2015 5:52 PM
> *To:* 'cohei...
It may be caused by bad backend? What’s backend you used? I thought two keys
should be the same anyway.
From: Zheng, Kai
Sent: Thursday, April 23, 2015 5:52 PM
To: 'cohei...@apache.org'
Cc: Apache Directory Developers List
Subject: RE: Kerby GSS tests?
Hi Colm,
Oh bad, looks like t
[mailto:cohei...@apache.org]
Sent: Thursday, April 23, 2015 5:38 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Hi Kai,
The two keys are not the same. They have the same encoding length + kvno +
tagno, but different byte[] content.
Colm.
On Wed, Apr 22, 2015 at 5:05 PM
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Wednesday, April 22, 2015 11:15 PM
> *To:* Apache Directory Developers List
> *Subject:* Re: Kerby GSS tests?
>
>
>
> Hi Kai,
>
> I get the same error (decryption err
you tomorrow.
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 22, 2015 11:15 PM
To: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Hi Kai,
I get the same error (decryption error) with this patch.
Colm.
On Wed, Apr 22, 2015 at 3:57 PM
> *Sent:* Wednesday, April 22, 2015 10:46 PM
>
> *To:* cohei...@apache.org
> *Cc:* Apache Directory Developers List
> *Subject:* RE: Kerby GSS tests?
>
>
>
> >> Are we sure that the tgsKey above is the right key to decrpyt the
> request?
>
> Yes, the ticket
[mailto:kai.zh...@intel.com]
Sent: Wednesday, April 22, 2015 10:46 PM
To: cohei...@apache.org
Cc: Apache Directory Developers List
Subject: RE: Kerby GSS tests?
>> Are we sure that the tgsKey above is the right key to decrpyt the request?
Yes, the ticket there to decrypt is actually for TGS to interpr
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 22, 2015 10:01 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Looks good thanks! The next problem is an NPE in EncryptionHandler. This is
caused by a similar issue to before:
Good to this point. I’m looking at it and will respond a little later. Thanks!
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 22, 2015 10:01 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Looks good thanks! The
field in KdcReqBody should not be used in
> TgsReq
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Zheng, Kai [mailto:kai.zh...@intel.com]
> *Sent:* Wednesday, April 22, 2015 8:36 PM
> *To:* Apache Directory Developers List; cohei...@apache.org
>
> *Subject:* RE: K
...@intel.com]
Sent: Wednesday, April 22, 2015 8:36 PM
To: Apache Directory Developers List; cohei...@apache.org
Subject: RE: Kerby GSS tests?
I just checked the codes in MIT Kerberos. It was clear we should use the value
of TgsReq->pa->ApReq->ticket->encpart->cname. The cname fie
intel.com]
Sent: Wednesday, April 22, 2015 7:37 PM
To: cohei...@apache.org
Cc: Apache Directory Developers List
Subject: RE: Kerby GSS tests?
Hi Colm,
Thanks for your good progress and analysis. I’m not sure how KDC would handle
in such case, but a possibility is to use the client principal
check and make sure which way we
should go later. Thanks.
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 22, 2015 6:17 PM
To: Zheng, Kai
Cc: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Ok with the current code I've made some pro
ilto:cohei...@apache.org]
> *Sent:* Tuesday, April 21, 2015 8:53 PM
>
> *To:* Apache Directory Developers List
> *Subject:* Re: Kerby GSS tests?
>
>
>
> Hi Kiran,
>
> > The enctypes should always be sorted from the most to least
> strong/preferred on the server side
I’d like to follow this issue.
Thanks
Jiajia
From: Kiran Ayyagari [mailto:kayyag...@apache.org]
Sent: Tuesday, April 21, 2015 9:40 PM
To: Apache Directory Developers List; Colm O hEigeartaigh
Subject: Re: Kerby GSS tests?
On Tue, Apr 21, 2015 at 8:52 PM, Colm O hEigeartaigh
mailto:cohei
ed by the client.
>>
>> Thanks again.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Kai
>>>
>>>
>>>
>>> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
>>> *Sent:* Tuesday, April 21, 2015 7:3
ey clientKey =
> clientEntry.getKeys().get(encType);
> +setClientKey(clientKey);
> +break;
> +}
> +}
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Tuesday, April 21, 20
...@apache.org]
Sent: Tuesday, April 21, 2015 8:53 PM
To: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Hi Kiran,
> The enctypes should always be sorted from the most to least strong/preferred
> on the server side
Is there any existing code in Apache Directory along these
enctypes should always be sorted from the most to least
> strong/preferred on the server side
> and then pick the best from the ones requested by the client.
>
> Thanks again.
>>
>>
>>
>> Regards,
>>
>> Kai
>>
>>
>>
>> *From:*
0 is there instead of null, for time fields
> in kdc request. Would you double check other time values by the way? Thanks!
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Tuesday, April 21, 2015 7:11 PM
>
>
> *
different enctypes that
the KdcServer doesn’t support/enable yet.
Thanks again.
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Tuesday, April 21, 2015 7:33 PM
To: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Hi Kai,
I've found another bug. We are
ther time values by the way?
>> Thanks!
>>
>>
>>
>> Regards,
>>
>> Kai
>>
>>
>>
>> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
>> *Sent:* Tuesday, April 21, 2015 7:11 PM
>>
>> *To:* Apache Directory Dev
;
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Tuesday, April 21, 2015 7:11 PM
>
> *To:* Apache Directory Developers List
> *Subject:* Re: Kerby GSS tests?
>
>
>
>
>
> The problem above is that the "end time" is 0 instead of "
Subject: Re: Kerby GSS tests?
The problem above is that the "end time" is 0 instead of "null". What do you
think of this patch?
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb
index 3d49af3..23275fc 100644
--- a/kerby-kerb/kerb-server/src/
c config key enumeration.
Regards,
Kai
From: Colm O hEigeartaigh
[mailto:cohei...@apache.org<mailto:cohei...@apache.org>]
Sent: Tuesday, April 21, 2015 6:34 PM
To: Apache Directory Developers List
Subject: Re: Kerby GSS tests?
Actually I spoke too soon, I do know how to reproduce the &
>
>
>>
>>
>> If you don’t want to trouble with the config stuff, please just change
>> the default value of PREAUTH_REQUIRED in krb/kdc config key enumeration.
>>
>>
>>
>> Regards,
>>
>> Kai
>>
>>
>>
>> *From:*
krb/kdc config key enumeration.
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Tuesday, April 21, 2015 6:34 PM
> *To:* Apache Directory Developers List
> *Subject:* Re: Kerby GSS tests?
>
>
>
Directory Developers List
Subject: Re: Kerby GSS tests?
Hi Kai,
Thanks for your response. I have a test-case of sorts that shows the interop
failure (although I can't reproduce the issue I reported yesterday about the
preauthentication data).
https://github.com/coheigea/testcases/tree/m
good to record them.
For the issue you ran into, do you have test codes to repeat it, so we may have
the chance to look at it? Thanks.
Regards,
Kai
From: Colm O hEigeartaigh
[mailto:cohei...@apache.org<mailto:cohei...@apache.org>]
Sent: Monday, April 20, 2015 10:40 PM
To: Apache Direc
Network and NettyKdcNetwork are
>> to be done yet. I originally got them done some days ago, but recently I
>> was extremely busy with other projects, so kinds of delayed. Sure JIRAs
>> would be good to record them.
>>
>>
>>
>> For the issue you ran into, do you have test cod
record them.
>
>
>
> For the issue you ran into, do you have test codes to repeat it, so we may
> have the chance to look at it? Thanks.
>
>
>
> Regards,
>
> Kai
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Monday, Apri
Sent: Tuesday, April 21, 2015 6:21 AM
To: Apache Directory Developers List; Colm O hEigeartaigh
Subject: Re: Kerby GSS tests?
On Mon, Apr 20, 2015 at 10:40 PM, Colm O hEigeartaigh
mailto:cohei...@apache.org>> wrote:
Hi all,
Are there any tests in the source (or has anyone successful
it? Thanks.
Regards,
Kai
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Monday, April 20, 2015 10:40 PM
To: Apache Directory Developers List
Subject: Kerby GSS tests?
Hi all,
Are there any tests in the source (or has anyone successfully tested) a Java
GSS client -> Apache Ke
On Mon, Apr 20, 2015 at 10:40 PM, Colm O hEigeartaigh
wrote:
> Hi all,
>
> Are there any tests in the source (or has anyone successfully tested) a
> Java GSS client -> Apache Kerby?
>
> The first issue I ran into was that neither the KdcNetwork nor the
> NettyKdcNetwork work with UDP. Is there a
Hi all,
Are there any tests in the source (or has anyone successfully tested) a
Java GSS client -> Apache Kerby?
The first issue I ran into was that neither the KdcNetwork nor the
NettyKdcNetwork work with UDP. Is there a JIRA for this (or any plans to
fix it)?
I could work around the above by s
50 matches
Mail list logo
