Posted to dev@directory.apache.org by "Frank Ren (JIRA)" <ji...@apache.org> on 2013/04/11 01:31:17 UTC

[jira] [Commented] (DIRSTUDIO-900) Server not found in Kerberos database

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13628431#comment-13628431 ] 

Frank Ren commented on DIRSTUDIO-900:
-------------------------------------

I'm sorry for the tag, patch. I didn't expect that when I believed my cursor was in the editor, and I pressed the Enter key twice. I was about to insert the following at the very beginning.

I'm not sure of the version because of a recent update using the update site. I found the version label in the About dialog.

Version: 2.0.0.v20130308
                
> Server not found in Kerberos database
> -------------------------------------
>
>                 Key: DIRSTUDIO-900
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-900
>             Project: Directory Studio
>          Issue Type: Bug
>          Components: studio-connection
>    Affects Versions: 2.0.0-M6
>         Environment: ubuntu 10.04 64bit (I don't think it was relevant.)
>            Reporter: Frank Ren
>              Labels: patch
>
> Follow it to the last step here, 4.2 - Authenticate with Studio — Apache Directory
> http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
> Please read the (1) error message, and (2) server log at the bottom.
> Everything is Okay if tested against 4.1 - Authenticate with kinit on Linux — Apache Directory
> http://directory.apache.org/apacheds/kerberos-ug/4.1-authenticate-kinit.html
> renfeng@dreadnought:~$ kinit --version
> kinit (Heimdal 1.2.1)
> Copyright 1995-2008 Kungliga Tekniska Högskolan
> Send bug-reports to heimdal-bugs@h5l.org
> renfeng@dreadnought:~$ kinit test4
> test4@ROMEO-FOXTROT.COM's Password: 
> renfeng@dreadnought:~$ klist -v
> Credentials cache: FILE:/tmp/krb5cc_1000
>         Principal: test4@ROMEO-FOXTROT.COM
>     Cache version: 4
> Server: krbtgt/ROMEO-FOXTROT.COM@ROMEO-FOXTROT.COM
> Client: test4@ROMEO-FOXTROT.COM
> Ticket etype: aes128-cts-hmac-sha1-96
> Ticket length: 253
> Auth time:  Apr 11 07:10:58 2013
> End time:   Apr 11 17:10:58 2013
> Ticket flags: forwardable, proxiable, initial, pre-authenticated
> Addresses: addressless
> Nothing abnormal in server log.
> [07:10:58] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestamp found
> [07:10:58] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
> [07:10:58] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional pre-authentication required (25)
> The problem must have been caused by reverse dns lookup. When the following line was inserted into /etc/hosts, the problem is gone.
> 121.228.65.198  dreadnought.romeo-foxtrot.com
> Conclusion: a reverse dns lookup when apacheds studio authenticates against kerberos server is unexpected, and should be unnecessary.
> ----
> (1) error message
> Error while opening connection
>  - java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
> org.apache.directory.api.ldap.model.exception.LdapException: java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1469)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1361)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:446)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> Caused by: java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:416)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1459)
> 	... 8 more
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3825)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.access$200(LdapNetworkConnection.java:176)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection$2.run(LdapNetworkConnection.java:1463)
> 	... 11 more
> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
> 	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindSasl(LdapNetworkConnection.java:3735)
> 	... 13 more
> Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)
> 	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:679)
> 	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
> 	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:180)
> 	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
> 	... 14 more
> Caused by: KrbException: Server not found in Kerberos database (7) - Server not found in Kerberos database
> 	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:72)
> 	at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:193)
> 	at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:205)
> 	at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:297)
> 	at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:114)
> 	at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:556)
> 	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:610)
> 	... 17 more
> Caused by: KrbException: Identifier doesn't match expected value (906)
> 	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:144)
> 	at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
> 	at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
> 	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:54)
> 	... 23 more
> java.security.PrivilegedActionException: org.apache.directory.api.ldap.model.exception.LdapException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
> ----
> (2) server log
> [06:56:08] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestamp found
> [06:56:08] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
> [06:56:08] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional pre-authentication required (25)
> [06:56:08] WARN [org.apache.directory.server.protocol.shared.kerberos.StoreUtils] - No server entry found for kerberos principal name ldap/121.228.65.198@ROMEO-FOXTROT.COM
> [06:56:08] WARN [org.apache.directory.server.KERBEROS_LOG] - No server entry found for kerberos principal name ldap/121.228.65.198@ROMEO-FOXTROT.COM
> [06:56:08] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Server not found in Kerberos database (7)
> [06:56:08] WARN [org.apache.directory.server.KERBEROS_LOG] - Server not found in Kerberos database (7)
> [06:56:08] ERROR [org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler] - ERR_169 failed to unbind session properly
> org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: ERR_268 Cannot find a partition for 
> 	at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:927)
> 	at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.unbind(DefaultPartitionNexus.java:794)
> 	at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
> 	at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
> 	at org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1159)
> 	at org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
> 	at org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
> 	at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
> 	at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
> 	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
> 	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> 	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> 	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> 	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> 	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> 	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> 	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> 	at java.lang.Thread.run(Thread.java:679)

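An added example, not part of the original report and not ApacheDS or Studio code: a small Python triage of the KDC log lines quoted above. It extracts each service principal the KDC could not find and separates the case seen in this report (host part is an IP literal such as `ldap/121.228.65.198@ROMEO-FOXTROT.COM`) from a hostname principal that is simply missing. The function names and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Lines 1-3 are copied from the server log in the report above;
# line 4 is constructed for contrast (hypothetical host name).
SAMPLE_LOG = """\
[06:56:08] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional pre-authentication required (25)
[06:56:08] WARN [org.apache.directory.server.protocol.shared.kerberos.StoreUtils] - No server entry found for kerberos principal name ldap/121.228.65.198@ROMEO-FOXTROT.COM
[06:56:08] WARN [org.apache.directory.server.KERBEROS_LOG] - No server entry found for kerberos principal name ldap/121.228.65.198@ROMEO-FOXTROT.COM
[06:56:09] WARN [org.apache.directory.server.KERBEROS_LOG] - No server entry found for kerberos principal name ldap/typo-host.romeo-foxtrot.com@ROMEO-FOXTROT.COM
"""

MISSING_SPN = re.compile(
    r"^\[(?P<time>[\d:]+)\]\s+WARN\s+\[(?P<logger>[^\]]+)\]\s+-\s+"
    r"No server entry found for kerberos principal name\s+"
    r"(?P<service>[^/@\s]+)/(?P<host>[^@\s]+)@(?P<realm>\S+)$"
)

def is_ip_literal(host):
    """True when the SPN host component is an IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return one finding per distinct principal the KDC failed to look up."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = MISSING_SPN.match(line.strip())
        if not m:
            continue
        spn = "{service}/{host}@{realm}".format(**m.groupdict())
        if spn in seen:  # the same miss is logged by two loggers in the report
            continue
        seen.add(spn)
        ip = is_ip_literal(m["host"])
        hint = ("SPN host is an IP address: check how the client resolves the "
                "server name (the report worked around it via /etc/hosts)"
                if ip else
                "SPN host is a name: check that this service principal exists")
        findings.append({"time": m["time"], "spn": spn, "ip_literal": ip, "hint": hint})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["spn"], "->", f["hint"])
```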