[jboss-jira] [JBoss JIRA] (WFLY-3060) Rare KrbException: Request is a replay issue in negotiation tests
Dominik Pospisil (JIRA)
issues at jboss.org
Tue Mar 11 04:19:10 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dominik Pospisil closed WFLY-3060.
----------------------------------
Resolution: Done
> Rare KrbException: Request is a replay issue in negotiation tests
> -----------------------------------------------------------------
>
> Key: WFLY-3060
> URL: https://issues.jboss.org/browse/WFLY-3060
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Test Suite
> Affects Versions: 8.0.0.Final
> Reporter: Dominik Pospisil
> Assignee: Ondrej Zizka
>
> The failures happend while sending second TGS-REQ ticket from client to kerberos KDC server.
> The cause seems to be a limitation of ApacheDS kerberos server used in the test case. The ApacheDS employs simple replay detection mechanism based on in-memory ticket cache service. The cache stores client and server credentials and ticket timestamp. Specificaly, the cache do not store ticket content.
> During GSS SecContext establishment, there are 2 TGS-REQ tickets sent from the client (sun.security.jgss.krb5.GSSContextSpi). First to acquire service credentials ticket and second to get SecContext ticket. The second ticket is being send immediatelly after the fisrt one. If the second (valid) ticket is sent with the same timestamp as the first one, the ApacheDS treats the second one as a false positive and throw Request is a replay kerberos exception.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list