Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8426

[Broker-J][Tests] Kerberos integration tests can sporadically fail in some environments

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5, qpid-java-broker-7.1.6, qpid-java-broker-7.1.7, qpid-java-broker-7.1.8
    • Fix Version/s: None
    • Component/s: Java Tests
    • Labels:
      None

      Description

      Integration tests from test suites KerberosAuthenticationManagerTest and SpnegoAuthenticatorTest can fail as below

      [ERROR] Tests run: 4, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.277 s <<< FAILURE! - in org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest
      [ERROR] testCreateSaslNegotiator(org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest)  Time elapsed: 0.095 s  <<< ERROR!
      java.security.PrivilegedActionException
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.performNegotiation(KerberosAuthenticationManagerTest.java:242)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.authenticate(KerberosAuthenticationManagerTest.java:212)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.testCreateSaslNegotiator(KerberosAuthenticationManagerTest.java:137)
      Caused by: javax.security.sasl.SaslException: GSS initiate failed
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.lambda$performNegotiation$0(KerberosAuthenticationManagerTest.java:245)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.performNegotiation(KerberosAuthenticationManagerTest.java:242)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.authenticate(KerberosAuthenticationManagerTest.java:212)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.testCreateSaslNegotiator(KerberosAuthenticationManagerTest.java:137)
      Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.lambda$performNegotiation$0(KerberosAuthenticationManagerTest.java:245)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.performNegotiation(KerberosAuthenticationManagerTest.java:242)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.authenticate(KerberosAuthenticationManagerTest.java:212)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.testCreateSaslNegotiator(KerberosAuthenticationManagerTest.java:137)
      Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) - Server not found in Kerberos database
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.lambda$performNegotiation$0(KerberosAuthenticationManagerTest.java:245)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.performNegotiation(KerberosAuthenticationManagerTest.java:242)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.authenticate(KerberosAuthenticationManagerTest.java:212)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.testCreateSaslNegotiator(KerberosAuthenticationManagerTest.java:137)
      Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.lambda$performNegotiation$0(KerberosAuthenticationManagerTest.java:245)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.performNegotiation(KerberosAuthenticationManagerTest.java:242)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.authenticate(KerberosAuthenticationManagerTest.java:212)
            at org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerTest.testCreateSaslNegotiator(KerberosAuthenticationManagerTest.java:137
      

      The Apache kerby embedded kerberos server SimpleKdcServer is used in the failing tests. What is interesting that kerberos integration tests where ApacheDS Kerberos Server is used have never been seen failing sporadically (See SimpleLDAPAuthenticationManagerTest). Potentially, a switch from Kerby to ApacheDS Kerberos Server should solve the issue. Though, the original Kerby sources have been extracted from ApacheDS Kerberos Server implementation. The failures could be caused by configuration issue.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              orudyy Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: