-
Bug
-
Resolution: Fixed
-
P4
-
9
-
b174
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8182347 | 10 | Weijun Wang | P4 | Resolved | Fixed | b13 |
JDK-8182000 | 9.0.4 | Weijun Wang | P4 | Resolved | Fixed | b01 |
JDK-8328320 | 8 | Hari Rakesh | P4 | Resolved | Delivered |
Observed once in recent jdk9 CI job
Please refer to the test output below:
----------System.out:(218/12838)----------
Start KDC on 11514
Java config name: localkdc-krb5.conf
Loading krb5 profile at /scratch/mesos/slaves/9e9fe5f0-95a3-47d3-967f-11902fd45223-S13277/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/7b06fb97-d84a-4d26-912f-3c73cc4d33b4/runs/16917fc8-5ef2-491a-aee8-7fac93d98df4/testoutput/jtreg/JTwork/scratch/2/localkdc-krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> KeyTabEntry: key tab entry size is 87
>>> KeyTabEntry: key tab entry size is 71
>>> KeyTabEntry: key tab entry size is 79
>>> KeyTabEntry: key tab entry size is 71
>>> KeyTabEntry: key tab entry size is 67
>>> KeyTabEntry: key tab entry size is 51
>>> KeyTabEntry: key tab entry size is 59
>>> KeyTabEntry: key tab entry size is 51
>>> KeyTabEntry: key tab entry size is 65
>>> KeyTabEntry: key tab entry size is 49
>>> KeyTabEntry: key tab entry size is 57
>>> KeyTabEntry: key tab entry size is 49
>>> KeyTabEntry: key tab entry size is 81
>>> KeyTabEntry: key tab entry size is 65
>>> KeyTabEntry: key tab entry size is 73
>>> KeyTabEntry: key tab entry size is 65
>>> KeyTabEntry: key tab entry size is 86
>>> KeyTabEntry: key tab entry size is 70
>>> KeyTabEntry: key tab entry size is 78
>>> KeyTabEntry: key tab entry size is 70
Java config name: alternative-krb5.conf
Loading krb5 profile at /scratch/mesos/slaves/9e9fe5f0-95a3-47d3-967f-11902fd45223-S13277/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/7b06fb97-d84a-4d26-912f-3c73cc4d33b4/runs/16917fc8-5ef2-491a-aee8-7fac93d98df4/testoutput/jtreg/JTwork/scratch/2/alternative-krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
------------------TEST----------------------
Expected: c30000c30000, actual c30000c30000
Java config name: alternative-krb5.conf
Loading krb5 profile at /scratch/mesos/slaves/9e9fe5f0-95a3-47d3-967f-11902fd45223-S13277/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/7b06fb97-d84a-4d26-912f-3c73cc4d33b4/runs/16917fc8-5ef2-491a-aee8-7fac93d98df4/testoutput/jtreg/JTwork/scratch/2/alternative-krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
------------------TEST----------------------
--------------- ERROR START -------------
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:62106, timeout=3000, number of retries =1, #bytes=141
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:62106, timeout=3000,Attempt =1, #bytes=141
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: error trying kdc.rabbit.hole:62106
java.net.SocketTimeoutException: Receive timed out
at java.base/java.net.PlainDatagramSocketImpl.peekData(Native Method)
at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:789)
at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:229)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:571)
at Context.fromUserPass(Context.java:168)
at Context.fromUserPass(Context.java:136)
at KdcPolicy.test(KdcPolicy.java:261)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
>>> KdcAccessibility: add kdc.rabbit.hole:62106
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:11514, timeout=3000, number of retries =1, #bytes=141
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:11514, timeout=3000,Attempt =1, #bytes=141
-----------------------------------------------
>>>>> UDP packet received
RABBIT.HOLE> dummy@RABBIT.HOLE sends AS-REQ for krbtgt/RABBIT.HOLE@RABBIT.HOLE, KDCOptions:
KrbException: Additional pre-authentication required (25)
at KDC.processAsReq(KDC.java:1097)
at KDC.processMessage(KDC.java:646)
at KDC$1.run(KDC.java:1265)
Error 25 Additional pre-authentication required
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 17, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 16, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>>> UDP request honored
>>> KrbKdcReq send: #bytes read=291
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 17, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 16, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>> KdcAccessibility: remove kdc.rabbit.hole:11514
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Thu Jun 01 17:04:35 PDT 2017 1496361875000
suSec is 0
error code is 25
error Message is Additional pre-authentication required
cname is dummy@RABBIT.HOLE
sname is krbtgt/RABBIT.HOLE@RABBIT.HOLE
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 17, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 16, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
KRBError received: Additional pre-authentication required
KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:11514, timeout=3000, number of retries =1, #bytes=223
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:11514, timeout=3000,Attempt =1, #bytes=223
-----------------------------------------------
>>>>> UDP packet received
RABBIT.HOLE> dummy@RABBIT.HOLE sends AS-REQ for krbtgt/RABBIT.HOLE@RABBIT.HOLE, KDCOptions:
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
Return dummy@RABBIT.HOLE ticket for krbtgt/RABBIT.HOLE@RABBIT.HOLE, flags INITIAL;PRE-AUTHENT
>>>>> UDP request honored
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: error trying kdc.rabbit.hole:11514
java.net.SocketTimeoutException: Receive timed out
at java.base/java.net.PlainDatagramSocketImpl.peekData(Native Method)
at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:789)
at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:229)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:571)
at Context.fromUserPass(Context.java:168)
at Context.fromUserPass(Context.java:136)
at KdcPolicy.test(KdcPolicy.java:261)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
>>> KdcAccessibility: add kdc.rabbit.hole:11514
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:62106, timeout=3000, number of retries =1, #bytes=223
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:62106, timeout=3000,Attempt =1, #bytes=223
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: error trying kdc.rabbit.hole:62106
java.net.SocketTimeoutException: Receive timed out
at java.base/java.net.PlainDatagramSocketImpl.peekData(Native Method)
at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:789)
at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:234)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:571)
at Context.fromUserPass(Context.java:168)
at Context.fromUserPass(Context.java:136)
at KdcPolicy.test(KdcPolicy.java:261)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
>>> KdcAccessibility: add kdc.rabbit.hole:62106
--------------- ERROR END ---------------
----------System.err:(16/970)----------
java.lang.Exception: Does not match. Output is a3000c3000c3000a3000-
at KdcPolicy.test(KdcPolicy.java:295)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
Please refer to the test output below:
----------System.out:(218/12838)----------
Start KDC on 11514
Java config name: localkdc-krb5.conf
Loading krb5 profile at /scratch/mesos/slaves/9e9fe5f0-95a3-47d3-967f-11902fd45223-S13277/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/7b06fb97-d84a-4d26-912f-3c73cc4d33b4/runs/16917fc8-5ef2-491a-aee8-7fac93d98df4/testoutput/jtreg/JTwork/scratch/2/localkdc-krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> KeyTabEntry: key tab entry size is 87
>>> KeyTabEntry: key tab entry size is 71
>>> KeyTabEntry: key tab entry size is 79
>>> KeyTabEntry: key tab entry size is 71
>>> KeyTabEntry: key tab entry size is 67
>>> KeyTabEntry: key tab entry size is 51
>>> KeyTabEntry: key tab entry size is 59
>>> KeyTabEntry: key tab entry size is 51
>>> KeyTabEntry: key tab entry size is 65
>>> KeyTabEntry: key tab entry size is 49
>>> KeyTabEntry: key tab entry size is 57
>>> KeyTabEntry: key tab entry size is 49
>>> KeyTabEntry: key tab entry size is 81
>>> KeyTabEntry: key tab entry size is 65
>>> KeyTabEntry: key tab entry size is 73
>>> KeyTabEntry: key tab entry size is 65
>>> KeyTabEntry: key tab entry size is 86
>>> KeyTabEntry: key tab entry size is 70
>>> KeyTabEntry: key tab entry size is 78
>>> KeyTabEntry: key tab entry size is 70
Java config name: alternative-krb5.conf
Loading krb5 profile at /scratch/mesos/slaves/9e9fe5f0-95a3-47d3-967f-11902fd45223-S13277/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/7b06fb97-d84a-4d26-912f-3c73cc4d33b4/runs/16917fc8-5ef2-491a-aee8-7fac93d98df4/testoutput/jtreg/JTwork/scratch/2/alternative-krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
------------------TEST----------------------
Expected: c30000c30000, actual c30000c30000
Java config name: alternative-krb5.conf
Loading krb5 profile at /scratch/mesos/slaves/9e9fe5f0-95a3-47d3-967f-11902fd45223-S13277/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/7b06fb97-d84a-4d26-912f-3c73cc4d33b4/runs/16917fc8-5ef2-491a-aee8-7fac93d98df4/testoutput/jtreg/JTwork/scratch/2/alternative-krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
------------------TEST----------------------
--------------- ERROR START -------------
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:62106, timeout=3000, number of retries =1, #bytes=141
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:62106, timeout=3000,Attempt =1, #bytes=141
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: error trying kdc.rabbit.hole:62106
java.net.SocketTimeoutException: Receive timed out
at java.base/java.net.PlainDatagramSocketImpl.peekData(Native Method)
at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:789)
at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:229)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:571)
at Context.fromUserPass(Context.java:168)
at Context.fromUserPass(Context.java:136)
at KdcPolicy.test(KdcPolicy.java:261)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
>>> KdcAccessibility: add kdc.rabbit.hole:62106
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:11514, timeout=3000, number of retries =1, #bytes=141
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:11514, timeout=3000,Attempt =1, #bytes=141
-----------------------------------------------
>>>>> UDP packet received
RABBIT.HOLE> dummy@RABBIT.HOLE sends AS-REQ for krbtgt/RABBIT.HOLE@RABBIT.HOLE, KDCOptions:
KrbException: Additional pre-authentication required (25)
at KDC.processAsReq(KDC.java:1097)
at KDC.processMessage(KDC.java:646)
at KDC$1.run(KDC.java:1265)
Error 25 Additional pre-authentication required
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 17, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 16, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>>>> UDP request honored
>>> KrbKdcReq send: #bytes read=291
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 17, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 16, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
>>> KdcAccessibility: remove kdc.rabbit.hole:11514
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Thu Jun 01 17:04:35 PDT 2017 1496361875000
suSec is 0
error code is 25
error Message is Additional pre-authentication required
cname is dummy@RABBIT.HOLE
sname is krbtgt/RABBIT.HOLE@RABBIT.HOLE
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 18, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 17, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 16, salt = RABBIT.HOLEdummy, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
KRBError received: Additional pre-authentication required
KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:11514, timeout=3000, number of retries =1, #bytes=223
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:11514, timeout=3000,Attempt =1, #bytes=223
-----------------------------------------------
>>>>> UDP packet received
RABBIT.HOLE> dummy@RABBIT.HOLE sends AS-REQ for krbtgt/RABBIT.HOLE@RABBIT.HOLE, KDCOptions:
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
Return dummy@RABBIT.HOLE ticket for krbtgt/RABBIT.HOLE@RABBIT.HOLE, flags INITIAL;PRE-AUTHENT
>>>>> UDP request honored
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: error trying kdc.rabbit.hole:11514
java.net.SocketTimeoutException: Receive timed out
at java.base/java.net.PlainDatagramSocketImpl.peekData(Native Method)
at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:789)
at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:229)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:571)
at Context.fromUserPass(Context.java:168)
at Context.fromUserPass(Context.java:136)
at KdcPolicy.test(KdcPolicy.java:261)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
>>> KdcAccessibility: add kdc.rabbit.hole:11514
>>> KrbKdcReq send: kdc=kdc.rabbit.hole UDP:62106, timeout=3000, number of retries =1, #bytes=223
>>> KDCCommunication: kdc=kdc.rabbit.hole UDP:62106, timeout=3000,Attempt =1, #bytes=223
SocketTimeOutException with attempt: 1
>>> KrbKdcReq send: error trying kdc.rabbit.hole:62106
java.net.SocketTimeoutException: Receive timed out
at java.base/java.net.PlainDatagramSocketImpl.peekData(Native Method)
at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:789)
at java.security.jgss/sun.security.krb5.internal.UDPClient.receive(NetClient.java:205)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404)
at java.security.jgss/sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:348)
at java.security.jgss/sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:234)
at java.security.jgss/sun.security.krb5.KdcComm.send(KdcComm.java:200)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:326)
at java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:371)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:571)
at Context.fromUserPass(Context.java:168)
at Context.fromUserPass(Context.java:136)
at KdcPolicy.test(KdcPolicy.java:261)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
>>> KdcAccessibility: add kdc.rabbit.hole:62106
--------------- ERROR END ---------------
----------System.err:(16/970)----------
java.lang.Exception: Does not match. Output is a3000c3000c3000a3000-
at KdcPolicy.test(KdcPolicy.java:295)
at KdcPolicy.run(KdcPolicy.java:113)
at KdcPolicy.main0(KdcPolicy.java:83)
at KdcPolicy.main(KdcPolicy.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:844)
- backported by
-
JDK-8182000 sun/security/krb5/auto/KdcPolicy.java fails with java.lang.Exception: Does not match
-
- Resolved
-
-
JDK-8182347 sun/security/krb5/auto/KdcPolicy.java fails with java.lang.Exception: Does not match
-
- Resolved
-
-
JDK-8328320 sun/security/krb5/auto/KdcPolicy.java fails with java.lang.Exception: Does not match
-
- Resolved
-