You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2015/11/23 10:23:11 UTC
[jira] [Commented] (DIRKRB-472) Use sessionkey or subkey
appropriately
[ https://issues.apache.org/jira/browse/DIRKRB-472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021828#comment-15021828 ]
Kai Zheng commented on DIRKRB-472:
----------------------------------
In current codes, when running Kerby client -> MIT KDC, it will throw:
{noformat}
Exception in thread "main" org.apache.kerby.kerberos.kerb.KrbException: Integrity check on decrypted field failed
at org.apache.kerby.kerberos.kerb.crypto.enc.KeKiEnc.decryptWith(KeKiEnc.java:127)
at org.apache.kerby.kerberos.kerb.crypto.enc.AbstractEncTypeHandler.decrypt(AbstractEncTypeHandler.java:150)
at org.apache.kerby.kerberos.kerb.crypto.enc.AbstractEncTypeHandler.decrypt(AbstractEncTypeHandler.java:138)
at org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler.decrypt(EncryptionHandler.java:244)
at org.apache.kerby.kerberos.kerb.common.EncryptionUtil.unseal(EncryptionUtil.java:136)
at org.apache.kerby.kerberos.kerb.client.request.TgsRequest.processResponse(TgsRequest.java:82)
at org.apache.kerby.kerberos.kerb.client.KrbHandler.onResponseMessage(KrbHandler.java:113)
at org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:47)
at org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequestServiceTicket(DefaultInternalKrbClient.java:86)
at org.apache.kerby.kerberos.kerb.client.impl.AbstractInternalKrbClient.requestServiceTicket(AbstractInternalKrbClient.java:139)
at org.apache.kerby.kerberos.kerb.client.KrbClient.requestServiceTicketWithTgt(KrbClient.java:267)
at org.apache.kerby.kerberos.tool.kinit.KinitTool.requestTicket(KinitTool.java:161)
at org.apache.kerby.kerberos.tool.kinit.KinitTool.main(KinitTool.java:229)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
{noformat}
> Use sessionkey or subkey appropriately
> --------------------------------------
>
> Key: DIRKRB-472
> URL: https://issues.apache.org/jira/browse/DIRKRB-472
> Project: Directory Kerberos
> Issue Type: Bug
> Reporter: Kai Zheng
> Assignee: Kai Zheng
>
> It looks like we need to revisit related codes across client and server to ensure session key or subkey is used appropriately. The changes should make both MIT Kerberos and Oracle Java happy conforming to the spec.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)