You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/09/08 07:22:00 UTC
[jira] [Updated] (DIRSERVER-2327) Add possibility to use custom
ReplayCache implementation
[ https://issues.apache.org/jira/browse/DIRSERVER-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated DIRSERVER-2327:
-------------------------------------------
Key: DIRSERVER-2327 (was: DIRKRB-744)
Project: Directory ApacheDS (was: Directory Kerberos)
> Add possibility to use custom ReplayCache implementation
> --------------------------------------------------------
>
> Key: DIRSERVER-2327
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2327
> Project: Directory ApacheDS
> Issue Type: Improvement
> Reporter: Josef Cacek
> Priority: Major
>
> Add the possibility to configure the ReplayCache implementation (or disable replay cache) in KDC.
> When the KdcServer is used in embedded tests, and tests run in parallel, they intermittently fail with "Request is a replay (34) - Request is a replay".
> I saw the problematic behavior in JBoss AS testsuite:
> [https://issues.redhat.com/browse/JBPAPP-10974]
>
> And also in Hazelcast Enterprise tests:
> [https://github.com/hazelcast/hazelcast-enterprise/issues/3646]
>
> JBoss resolves it by injecting dummy ReplayCache implementation by using reflection: [https://source.jboss.org/changelog/JBossAS6?cs=114679&_sscc=t]
>
> We will probably disable parallel test execution in Hazelcast to workaround it.
> It would be great to have a possibility to configure the implementing class in the {{@CreateKdcServer annotation.}}
> h3. {{Stacktrace from a failing test}}
>
> {{KrbException: Request is a replay (34) - Request is a replayKrbException: Request is a replay (34) - Request is a replay at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at java.security.jgss/sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:250) at java.security.jgss/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:261) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) at java.security.jgss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695) at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:265) at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196) at com.hazelcast.security.impl.KerberosCredentialsFactory.createTokenCredentials(KerberosCredentialsFactory.java:163) at com.hazelcast.security.impl.KerberosCredentialsFactory.lambda$0(KerberosCredentialsFactory.java:127) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAs(Subject.java:361) at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:127) at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:148) at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.getKerberosCredentials(GssApiLoginModuleTest.java:169) at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.testCutOffRealmFromName(GssApiLoginModuleTest.java:132) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:564) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:114) at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:1) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.lang.Thread.run(Thread.java:844)Caused by: KrbException: Identifier doesn't match expected value (906) at java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at java.security.jgss/sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55) ... 28 more}}{{ }}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org