Directory ApacheDS / DIRSERVER-1635

Exception when obtaining service ticket and aes256-cts-hmac-sha1-96 encryption is used


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M1
    • Fix Version/s: 2.0.0-M2
    • Component/s: None
    • Labels: None
    • Environment:
      * ApacheDS Trunk as KDC, encryption is set to "aes256-cts-hmac-sha1-96".
      * Service: Apache HTTPD 2.2 with mod_auth_kerb
      * Client: Linux with MIT Kerberos and Firefox 5

    Description

      The client accesses a SPNEGO protected website. When obtaining the service ticket the exception below is thrown.

      When using "des-cbc-md5" encryption no exception is thrown and authentication works. I didn't test other encryption types, but they should be tested.

      [13:38:25] ERROR [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - ERR_152 Unexpected exception: Missing argument
      java.lang.IllegalArgumentException: Missing argument
      at javax.crypto.spec.SecretKeySpec.<init>(SecretKeySpec.java:93)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.processCipher(AesCtsSha1Encryption.java:176)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.encrypt(AesCtsSha1Encryption.java:136)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.Aes256CtsSha1Encryption.encrypt(Aes256CtsSha1Encryption.java:30)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine.deriveRandom(EncryptionEngine.java:71)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.deriveKey(AesCtsSha1Encryption.java:148)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.AesCtsSha1Encryption.calculateChecksum(AesCtsSha1Encryption.java:68)
      at org.apache.directory.server.kerberos.shared.crypto.encryption.Aes256CtsSha1Encryption.calculateChecksum(Aes256CtsSha1Encryption.java:30)
      at org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumHandler.verifyChecksum(ChecksumHandler.java:107)
      at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyBodyChecksum(TicketGrantingService.java:305)
      at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:107)
      at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:172)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
      at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
      at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
      at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:486)
      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:456)
      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$1000(AbstractPollingConnectionlessIoAcceptor.java:61)
      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:414)
      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:636)
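
Added example, not part of the original report and not ApacheDS code: the top frame of the trace is the JDK's SecretKeySpec constructor, which throws "Missing argument" when the key bytes or the algorithm name are null. The sketch below reproduces that message and shows a pre-check that names the encryption type and the failed condition instead. The class and method names (KerberosKeyCheck, toKeySpec) are hypothetical, the sample key is constructed, and the report itself does not say why the key was missing.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Map;

public class KerberosKeyCheck {
    // Key sizes in bytes for the encryption types named in the report
    // (RFC 3961 for DES, RFC 3962 for AES).
    static final Map<String, Integer> KEY_BYTES = Map.of(
        "des-cbc-md5", 8,
        "aes128-cts-hmac-sha1-96", 16,
        "aes256-cts-hmac-sha1-96", 32);

    // Hypothetical guard: validate key material before it reaches SecretKeySpec,
    // so a missing or wrong-sized key is reported with its encryption type.
    static SecretKeySpec toKeySpec(String etype, byte[] key) throws Exception {
        Integer expected = KEY_BYTES.get(etype);
        if (expected == null)
            throw new IllegalArgumentException("unsupported etype: " + etype);
        if (key == null)
            throw new IllegalStateException("no key material for " + etype);
        if (key.length != expected)
            throw new IllegalStateException(etype + " needs " + expected
                + " key bytes, got " + key.length);
        String alg = etype.startsWith("aes") ? "AES" : "DES";
        // A restricted JCE policy caps AES at 128 bits; detect that up front.
        if (Cipher.getMaxAllowedKeyLength(alg) < expected * 8)
            throw new IllegalStateException("JCE policy forbids "
                + (expected * 8) + "-bit " + alg + " keys");
        return new SecretKeySpec(key, alg);
    }

    public static void main(String[] args) throws Exception {
        // Same constructor call as the top stack frame, with a null key.
        try {
            new SecretKeySpec((byte[]) null, "AES");
        } catch (IllegalArgumentException e) {
            System.out.println("JDK message: " + e.getMessage());
        }
        // The guard reports which encryption type had no key.
        try {
            toKeySpec("aes256-cts-hmac-sha1-96", null);
        } catch (IllegalStateException e) {
            System.out.println("Guard message: " + e.getMessage());
        }
        // Constructed 32-byte all-zero key, for illustration only.
        SecretKeySpec ok = toKeySpec("aes256-cts-hmac-sha1-96", new byte[32]);
        System.out.println("Accepted " + ok.getAlgorithm() + " key of "
            + ok.getEncoded().length + " bytes");
    }
}
```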

          People

            seelmann Stefan Seelmann
            seelmann Stefan Seelmann