[jboss-jira] [JBoss JIRA] (ELY-483) GssapiTestSuite and Gs2Test fail with com.ibm.security.krb5.KrbException, status code: 9 for IBM JDK

Tue Apr 5 04:06:00 EDT 2016

    [ https://issues.jboss.org/browse/ELY-483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13186427#comment-13186427 ] 

Ondrej Lukas commented on ELY-483:
----------------------------------

Issue can be fixed by using {{aes128-cts-hmac-sha1-96}} instead of used {{des-cbc-md5,des3-cbc-sha1-kd}} in default_tgs_enctypes and default_tkt_enctypes in krb5.conf. However this modification leads to test failures in following tests (with all JDKs):

org.wildfly.security.sasl.gssapi.compatibility.BasicAuthTest.testAuth
org.wildfly.security.sasl.gssapi.compatibility.BasicConfidenceTest.testAuthConf
org.wildfly.security.sasl.gssapi.compatibility.BasicIntegrityTest.testAuthInt
org.wildfly.security.sasl.gssapi.compatibility.NoServerAuthTest.testAuth

They fail with org.junit.ComparisonFailure. Thrown exception (for BasicAuthTest):
{code}
org.junit.ComparisonFailure: expected:<60820[20406092a864886f71201020201006e8201f3308201efa003020105a10302010ea20703050020000000a382010b6182010730820103a003020105a10d1b0b57494c44464c592e4f5247a220301ea003020100a11730151b047361736c1b0d746573745f7365727665725f31a381ca3081c7a003020110a281bf0481bc35c0e8fcda8a25bc04a0f0b15bd2007a8eaf706c6e282746f2520a0df3b2981a5c550647ac08cca70c8591e3e9f85c166f0b64a30af8c77b185cc8c3708e6d113ba90fca1a47e21540fedfc8b92e2427e601ba7d6c304483bf43bc85a8efe9936004c5b0132700426dd4427478338a389f6e0dec8125a7ec571859866349f9604730e45373bd956d86814943d8a1b11c9cf5a84c5722a5a665f7705884fc14b0d74c16547c92ec8b561c7c07f7ea6cdea07286ac4c4a2187a15e775da481ca3081c7a003020110a281bf0481bc7b05b4ad61dc02fb178b29d6aa5d79f05ee5d0c23a99204525c4927824b390f5ebd1cadcaa97ead6c3bdaf8c11d6c6e45c7b9270a9ddc44c52c6fe7ac29456590c3981aedc84aaad551dbcec2b9b930841713bff6d18f7df4e7ef27dafd06a60a7c2eeb1c18dd3d49579f98aca996eefda0741a98f2aa3f43328b29273e0c7984add0ebc10d77e11b099f9414d5c2d7330da9dcb090099f9d4985f924c6b524b97078589c10483df52419e2e0a8782f092705cea03807607c1f7c2d5]> but was:<60820[1ea06092a864886f71201020201006e8201d9308201d5a003020105a10302010ea20703050020000000a381fe6181fb3081f8a003020105a10d1b0b57494c44464c592e4f5247a220301ea003020100a11730151b047361736c1b0d746573745f7365727665725f31a381bf3081bca003020111a281b40481b1272e8ac7a1076eb28b918843a0895247793a142ec9ed9594714ef580f82a1746394397cca3f2c51c2eddce8fee723b8183c41da459c4124d5e9f75cf64f76303adefa67e8829d2dcd50531a7dcbf378481b35929ae30b96079b7c7b26d511680c67705b76aa1df3386128d4ead0347f3d0c7e77de49fd6fd0630fb9c3d4a509aa492fa0f3a38b2875957be56d6ae3ae59afd5316c5eca24000513533c105b8585d488b236d311ef151090b9ea17081b47fa481be3081bba003020111a281b30481b0da333a40f41650b8fad4cc74daca10d547a683ccba10adca1141e96823fafb5e60606178e5762d5bcfad806c9e8491fa71c0ba8d06d8f7c47ff44af5f15769eac46db39a791b1b0751a2d855af15f78cc18afe128f4feab642d89b8f185229c2ec95b8758694ca443a525522bc6e11c5f1c62a8015c0a73ed09a2a942a939d97a1cb026eed1d45d04b898a7159cb8ab87f4a8332b6c950f8c50f40cd9ceed1845f6cf5a2f2a2cbe170bb34db4ff61a59]>
	at org.wildfly.security.sasl.gssapi.compatibility.BasicAuthTest.testAuth(BasicAuthTest.java:75)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:367)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:274)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:161)
	at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:290)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:242)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:121)
{code}

> GssapiTestSuite and Gs2Test fail with com.ibm.security.krb5.KrbException, status code: 9 for IBM JDK
> ----------------------------------------------------------------------------------------------------
>
>                 Key: ELY-483
>                 URL: https://issues.jboss.org/browse/ELY-483
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta5
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>
> Test cases initialization from GssapiTestSuite and Gs2Test fail with following exception for IBM JDK:
> {code}
> javax.security.auth.login.FailedLoginException: 
> Login error: com.ibm.security.krb5.KrbException, status code: 9
> 	message: The client or server has a null key
> 	at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NException.java:15)
> 	at com.ibm.security.auth.module.Krb5LoginModule.j(Krb5LoginModule.java:727)
> 	at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:307)
> 	at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:59)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
> 	at java.lang.reflect.Method.invoke(Method.java:507)
> 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
> 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
> 	at javax.security.auth.login.LoginContext$5.run(LoginContext.java:721)
> 	at javax.security.auth.login.LoginContext$5.run(LoginContext.java:719)
> 	at java.security.AccessController.doPrivileged(AccessController.java:686)
> 	at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:719)
> 	at javax.security.auth.login.LoginContext.login(LoginContext.java:593)
> 	at org.wildfly.security.sasl.gssapi.JaasUtil.login(JaasUtil.java:71)
> 	at org.wildfly.security.sasl.gssapi.JaasUtil.loginClient(JaasUtil.java:53)
> 	at org.wildfly.security.sasl.gssapi.JdkClientJdkServer.initialise(JdkClientJdkServer.java:47)
>     ...
> {code}
> It is test case issue but it can hide any another functional issue because affected tests are not running with IBM JDK.

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)