-
Bug
-
Resolution: Cannot Reproduce
-
P3
-
None
-
openjdk8u242
It seems jtreg test sun/security/krb5/auto/ReplayCacheTestProc fails on systems with canonicalized hostname other then localhost. Particularly it may be observed with following /etc/hosts
127.0.0.1 localhost.localdomain
This is may be due to sun.security.krb5.PrincipalName substitutes provided name with canonicalized version while the test hardcoded to localhost only.
From the jtr:
>>>>> UDP packet received
RABBIT.HOLE> USER4@RABBIT.HOLE sends AS-REQ for krbtgt/RABBIT.HOLE@RABBIT.HOLE, KDCOptions: CANONICALIZE,
Return USER4@RABBIT.HOLE ticket for krbtgt/RABBIT.HOLE@RABBIT.HOLE, flags INITIAL;PRE-AUTHENT;ENC-PA-REP
>>>>> UDP request honored
PROC: C readline: USER4 call initSecContext
-----------------------------------------------
>>>>> UDP packet received
RABBIT.HOLE> null sends TGS-REQ for host2/localhost.localdomain@RABBIT.HOLE, KDCOptions: CANONICALIZE,
RABBIT.HOLE> verifying referral for host2/localhost.localdomain
RABBIT.HOLE> presenting a ticket of USER4@RABBIT.HOLE to krbtgt/RABBIT.HOLE@RABBIT.HOLE
KrbException: Server not found in Kerberos database (7) - host2/localhost.localdomain@RABBIT.HOLE
at KDC.getPassword(KDC.java:668)
at KDC.keyForUser(KDC.java:742)
at KDC.processTgsReq(KDC.java:995)
at KDC.processMessage(KDC.java:776)
at KDC$1.run(KDC.java:1600)
Error 7 Server not found in Kerberos database
From proc.debug
Server start
Server login
Server login
GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:772)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at Context$11.run(Context.java:655)
at Context$5.run(Context.java:352)
at Context$5.run(Context.java:348)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at Context.doAs(Context.java:348)
at Context.take(Context.java:642)
at ReplayCacheTestProc.main0(ReplayCacheTestProc.java:189)
at ReplayCacheTestProc.main(ReplayCacheTestProc.java:217)
Caused by: KrbException: Server not found in Kerberos database (7) - Server not found in Kerberos database
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:226)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:237)
at sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:400)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:287)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:263)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:118)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:490)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695)
... 11 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 19 more
127.0.0.1 localhost.localdomain
This is may be due to sun.security.krb5.PrincipalName substitutes provided name with canonicalized version while the test hardcoded to localhost only.
From the jtr:
>>>>> UDP packet received
RABBIT.HOLE> USER4@RABBIT.HOLE sends AS-REQ for krbtgt/RABBIT.HOLE@RABBIT.HOLE, KDCOptions: CANONICALIZE,
Return USER4@RABBIT.HOLE ticket for krbtgt/RABBIT.HOLE@RABBIT.HOLE, flags INITIAL;PRE-AUTHENT;ENC-PA-REP
>>>>> UDP request honored
PROC: C readline: USER4 call initSecContext
-----------------------------------------------
>>>>> UDP packet received
RABBIT.HOLE> null sends TGS-REQ for host2/localhost.localdomain@RABBIT.HOLE, KDCOptions: CANONICALIZE,
RABBIT.HOLE> verifying referral for host2/localhost.localdomain
RABBIT.HOLE> presenting a ticket of USER4@RABBIT.HOLE to krbtgt/RABBIT.HOLE@RABBIT.HOLE
KrbException: Server not found in Kerberos database (7) - host2/localhost.localdomain@RABBIT.HOLE
at KDC.getPassword(KDC.java:668)
at KDC.keyForUser(KDC.java:742)
at KDC.processTgsReq(KDC.java:995)
at KDC.processMessage(KDC.java:776)
at KDC$1.run(KDC.java:1600)
Error 7 Server not found in Kerberos database
From proc.debug
Server start
Server login
Server login
GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:772)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at Context$11.run(Context.java:655)
at Context$5.run(Context.java:352)
at Context$5.run(Context.java:348)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at Context.doAs(Context.java:348)
at Context.take(Context.java:642)
at ReplayCacheTestProc.main0(ReplayCacheTestProc.java:189)
at ReplayCacheTestProc.main(ReplayCacheTestProc.java:217)
Caused by: KrbException: Server not found in Kerberos database (7) - Server not found in Kerberos database
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:226)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:237)
at sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:400)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:287)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:263)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:118)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:490)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695)
... 11 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 19 more