You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Josef Cacek (Jira)" <ji...@apache.org> on 2020/06/25 09:02:00 UTC
[jira] [Created] (DIRKRB-744) Add possibility to use custom
ReplayCache implementation
Josef Cacek created DIRKRB-744:
----------------------------------
Summary: Add possibility to use custom ReplayCache implementation
Key: DIRKRB-744
URL: https://issues.apache.org/jira/browse/DIRKRB-744
Project: Directory Kerberos
Issue Type: Improvement
Reporter: Josef Cacek
Add the possibility to configure the ReplayCache implementation (or disable replay cache) in KDC.
When the KdcServer is used in embedded tests, and tests run in parallel, they intermittently fail with "Request is a replay (34) - Request is a replay".
I saw the problematic behavior in JBoss AS testsuite:
[https://issues.redhat.com/browse/JBPAPP-10974]
And also in Hazelcast Enterprise tests:
[https://github.com/hazelcast/hazelcast-enterprise/issues/3646]
JBoss resolves it by injecting dummy ReplayCache implementation by using reflection: [https://source.jboss.org/changelog/JBossAS6?cs=114679&_sscc=t]
We will probably disable parallel test execution in Hazelcast to workaround it.
It would be great to have a possibility to configure the implementing class in the {{@CreateKdcServer annotation.}}
h3. {{Stacktrace from a failing test}}
{{KrbException: Request is a replay (34) - Request is a replayKrbException: Request is a replay (34) - Request is a replay at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at java.security.jgss/sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:250) at java.security.jgss/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:261) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) at java.security.jgss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695) at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:265) at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196) at com.hazelcast.security.impl.KerberosCredentialsFactory.createTokenCredentials(KerberosCredentialsFactory.java:163) at com.hazelcast.security.impl.KerberosCredentialsFactory.lambda$0(KerberosCredentialsFactory.java:127) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAs(Subject.java:361) at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:127) at com.hazelcast.security.impl.KerberosCredentialsFactory.newCredentials(KerberosCredentialsFactory.java:148) at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.getKerberosCredentials(GssApiLoginModuleTest.java:169) at com.hazelcast.security.loginimpl.GssApiLoginModuleTest.testCutOffRealmFromName(GssApiLoginModuleTest.java:132) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:564) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:114) at com.hazelcast.test.FailOnTimeoutStatement$CallableStatement.call(FailOnTimeoutStatement.java:1) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.lang.Thread.run(Thread.java:844)Caused by: KrbException: Identifier doesn't match expected value (906) at java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at java.security.jgss/sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) at java.security.jgss/sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55) ... 28 more}}{{ }}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org