Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-2156

ApacheDS issues TGT kerberos ticket with address on IBM java

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0-M20
    • Fix Version/s: None
    • Component/s: kerberos
    • Labels:
      None

      Description

      ApacheDS issues TGT kerberos ticket with address on IBM java , even if
      noaddresses = true is explicitelly set in krb5.conf.

      Address in ticket causing problem, because ApacheDS check address in ticket with address of connection. And that leads to error "error 38 Incorrect net address"

      I dont see this issue on IBM java and Active Directory, for instance, so I
      think it is not problem of client code.

      Also note that running ApacheDS with openJDK and oracle java I also don't
      see this.

      Only problematic combination is is ApacheDS vs. IBM java 8

      Tested use case is identity propagation / delegation.

      In attachment you can find relevant log with org.apache.directory.server.KERBEROS_LOG set to DEBUG for oracle and ibm java.

        Attachments

        1. IBMJavaIdentityPropagation.log
          217 kB
          Martin Choma
        2. IBMJavaIdentityPropagation.pcapng
          6 kB
          Martin Choma
        3. OracleJavaIdentityPropagation.log
          159 kB
          Martin Choma
        4. OracleJavaIdentityPropagation.pcapng
          8 kB
          Martin Choma

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mchoma Martin Choma
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: