Details

      Description

      The test jep113/MIT-AD2008-AD2008-Cons, jep113/SEAM-AD2008-AD2008-Cons is part of the new tests for JEP113, Constrained delegation in Kerberos

      Test Description:
      ---------------------
      client@REALM2 has established a kerberos context with krbservice1@REALM1 with delegcred=false, krbservice1@REALM1 delegates to krbservice2@REALM1 using S4U2PROXY
      NOTE : S4U2PROXY is within the same realm


      The test jep113/MIT-AD2008-AD2008-Cons, jep113/SEAM-AD2008-AD2008-Cons fails with message :
      [2013-01-07T22:30:33.73] KrbException: KDC cannot accommodate requested option (13)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.CredentialsUtil.acquireS4U2proxyCreds(CredentialsUtil.java:90)
      [2013-01-07T22:30:33.73] at sun.security.krb5.Credentials.acquireS4U2proxyCreds(Credentials.java:460)
      [2013-01-07T22:30:33.73] at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:694)
      [2013-01-07T22:30:33.73] at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
      [2013-01-07T22:30:33.73] at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
      [2013-01-07T22:30:33.73] at Krb5Initiator.establishSecurityContext(Krb5Initiator.java:132)
      [2013-01-07T22:30:33.73] at UseDelegatedCredAction.run(UseDelegatedCredAction.java:64)
      [2013-01-07T22:30:33.73] at java.security.AccessController.doPrivileged(Native Method)
      [2013-01-07T22:30:33.73] at javax.security.auth.Subject.doAsPrivileged(Subject.java:474)
      [2013-01-07T22:30:33.73] at Server.impersonateClient(Server.java:470)
      [2013-01-07T22:30:33.73] at Server.run(Server.java:147)
      [2013-01-07T22:30:33.73] at java.lang.Thread.run(Thread.java:722)
      [2013-01-07T22:30:33.73] Caused by: KrbException: Identifier doesn't match expected value (906)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
      [2013-01-07T22:30:33.73] ... 14 more
      [2013-01-07T22:30:33.73] GSSException: No valid credentials provided (Mechanism level: KDC cannot accommodate requested option (13))
      [2013-01-07T22:30:33.73] at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:767)
      [2013-01-07T22:30:33.73] at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
      [2013-01-07T22:30:33.73] at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
      [2013-01-07T22:30:33.73] at Krb5Initiator.establishSecurityContext(Krb5Initiator.java:132)
      [2013-01-07T22:30:33.73] at UseDelegatedCredAction.run(UseDelegatedCredAction.java:64)
      [2013-01-07T22:30:33.73] at java.security.AccessController.doPrivileged(Native Method)
      [2013-01-07T22:30:33.73] at javax.security.auth.Subject.doAsPrivileged(Subject.java:474)
      [2013-01-07T22:30:33.73] at Server.impersonateClient(Server.java:470)
      [2013-01-07T22:30:33.73] at Server.run(Server.java:147)
      [2013-01-07T22:30:33.73] at java.lang.Thread.run(Thread.java:722)
      [2013-01-07T22:30:33.73] Caused by: KrbException: KDC cannot accommodate requested option (13)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.CredentialsUtil.acquireS4U2proxyCreds(CredentialsUtil.java:90)
      [2013-01-07T22:30:33.73] at sun.security.krb5.Credentials.acquireS4U2proxyCreds(Credentials.java:460)
      [2013-01-07T22:30:33.73] at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:694)
      [2013-01-07T22:30:33.73] ... 9 more
      [2013-01-07T22:30:33.73] Caused by: KrbException: Identifier doesn't match expected value (906)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
      [2013-01-07T22:30:33.73] ... 14 more
      [2013-01-07T22:30:33.73] GSSException: No valid credentials provided (Mechanism level: KDC cannot accommodate requested option (13))
      [2013-01-07T22:30:33.73] at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:767)
      [2013-01-07T22:30:33.73] at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
      [2013-01-07T22:30:33.73] at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
      [2013-01-07T22:30:33.73] at Krb5Initiator.establishSecurityContext(Krb5Initiator.java:132)
      [2013-01-07T22:30:33.73] at UseDelegatedCredAction.run(UseDelegatedCredAction.java:64)
      [2013-01-07T22:30:33.73] at java.security.AccessController.doPrivileged(Native Method)
      [2013-01-07T22:30:33.73] at javax.security.auth.Subject.doAsPrivileged(Subject.java:474)
      [2013-01-07T22:30:33.73] at Server.impersonateClient(Server.java:470)
      [2013-01-07T22:30:33.73] at Server.run(Server.java:147)
      [2013-01-07T22:30:33.73] at java.lang.Thread.run(Thread.java:722)
      [2013-01-07T22:30:33.73] Caused by: KrbException: KDC cannot accommodate requested option (13)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
      [2013-01-07T22:30:33.73] at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
      [2013-01-07T22:30:33.73] at sun.security.krb5.internal.CredentialsUtil.acquireS4U2proxyCreds(CredentialsUtil.java:90)

        Attachments

          Activity

            People

            • Assignee:
              weijun Weijun Wang
              Reporter:
              nisriniv Nithya Srinivasan (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: