Examples of KdcServer


Examples of org.apache.directory.server.kerberos.kdc.KdcServer

     * Creates a new instance of {@link AuthenticationPolicyTest}.
     */
    @Before
    public void setUp()
    {
        // JUnit runs this before each test method, so every test starts from newly built fixture objects.
        final KdcServer freshServer = new KdcServer();
        this.kdcServer = freshServer;
        this.config = freshServer.getConfig();

        // The protocol handler is wired to the new server and the new principal store.
        final MapPrincipalStoreImpl principalStore = new MapPrincipalStoreImpl();
        this.store = principalStore;
        this.handler = new KerberosProtocolHandler( freshServer, principalStore );

        this.session = new KrbDummySession();
    }

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

     * Creates a new instance of {@link PreAuthenticationTest}.
     */
    @Before
    public void setUp()
    {
        kdcServer = new KdcServer();
        config = kdcServer.getConfig();
        store = new MapPrincipalStoreImpl();
        handler = new KerberosProtocolHandler( kdcServer, store );
        session = new KrbDummySession();
        lockBox = new CipherTextHandler();

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

     * Creates a new instance of {@link AuthenticationServiceTest}.
     */
    @Before
    public void setUp()
    {
        kdcServer = new KdcServer();
        config = kdcServer.getConfig();
        store = new MapPrincipalStoreImpl();
        handler = new KerberosProtocolHandler( kdcServer, store );
        session = new KrbDummySession();
        lockBox = new CipherTextHandler();

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

    } finally {
      IOUtils.closeQuietly(reader);
      IOUtils.closeQuietly(is1);
    }

    kdc = new KdcServer();
    kdc.setDirectoryService(ds);

    // transport
    String transport = conf.getProperty(TRANSPORT);
    if (transport.trim().equals("TCP")) {

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

                directoryService.getAdminSession().modify(entry.getDn(), entry.getModificationItems());
            }
        }
        ldifReader.close();

        kdcServer = new KdcServer();
        kdcServer.setServiceName("DefaultKrbServer");
        kdcServer.setKdcPrincipal("krbtgt/service.ws.apache.org@service.ws.apache.org");
        kdcServer.setPrimaryRealm("service.ws.apache.org");
        kdcServer.setMaximumTicketLifetime(60000 * 1440);
        kdcServer.setMaximumRenewableLifetime(60000 * 10080);
 

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

        if ( ( kdcServerBean == null ) || kdcServerBean.isDisabled() )
        {
            return null;
        }

        KdcServer kdcServer = new KdcServer();
       
        kdcServer.setDirectoryService( directoryService );
        kdcServer.setEnabled( true );
       
        kdcServer.setDirectoryService( directoryService );
       
        // The ID
        kdcServer.setServiceId( kdcServerBean.getServerId() );
       
        // AllowableClockSkew
        kdcServer.setAllowableClockSkew( kdcServerBean.getKrbAllowableClockSkew() );
       
        // BodyChecksumVerified
        kdcServer.setBodyChecksumVerified( kdcServerBean.isKrbBodyChecksumVerified() );
       
        // CatalogBased
        //kdcServer.setCatelogBased( kdcServerBean.is );
       
        // EmptyAddressesAllowed
        kdcServer.setEmptyAddressesAllowed( kdcServerBean.isKrbEmptyAddressesAllowed() );
       
        // EncryptionType
        EncryptionType[] encryptionTypes = createEncryptionTypes( kdcServerBean.getKrbEncryptionTypes() );
        kdcServer.setEncryptionTypes( encryptionTypes );
       
        // ForwardableAllowed
        kdcServer.setForwardableAllowed( kdcServerBean.isKrbForwardableAllowed() );
       
        // KdcPrincipal
        kdcServer.setKdcPrincipal( kdcServerBean.getKrbKdcPrincipal().toString() );
       
        // MaximumRenewableLifetime
        kdcServer.setMaximumRenewableLifetime( kdcServerBean.getKrbMaximumRenewableLifetime() );
       
        // MaximumTicketLifetime
        kdcServer.setMaximumTicketLifetime( kdcServerBean.getKrbMaximumTicketLifetime() );
       
        // PaEncTimestampRequired
        kdcServer.setPaEncTimestampRequired( kdcServerBean.isKrbPaEncTimestampRequired() );
       
        // PostdatedAllowed
        kdcServer.setPostdatedAllowed( kdcServerBean.isKrbPostdatedAllowed() );
       
        // PrimaryRealm
        kdcServer.setPrimaryRealm( kdcServerBean.getKrbPrimaryRealm() );
       
        // ProxiableAllowed
        kdcServer.setProxiableAllowed( kdcServerBean.isKrbProxiableAllowed() );

        // RenewableAllowed
        kdcServer.setRenewableAllowed( kdcServerBean.isKrbRenewableAllowed() );
       
        // searchBaseDn
        kdcServer.setSearchBaseDn( kdcServerBean.getSearchBaseDn().getName() );
       
        // The transports
        Transport[] transports = createTransports( kdcServerBean.getTransports() );
        kdcServer.setTransports( transports );
       
        return kdcServer;
    }

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

   
   
    private static void selectEncryptionType( TicketGrantingContext tgsContext ) throws Exception
    {
        KdcContext kdcContext = (KdcContext)tgsContext;
        KdcServer config = kdcContext.getConfig();

        Set<EncryptionType> requestedTypes = kdcContext.getRequest().getKdcReqBody().getEType();

        EncryptionType bestType = KerberosUtils.getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );

        LOG.debug( "Session will use encryption type {}.", bestType );

        if ( bestType == null )
        {

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

    }
   
   
    /**
     * Checks that the ticket-granting ticket presented with a TGS request is one this KDC
     * should accept, by comparing its realm and server name against the KDC configuration
     * and the request.
     *
     * <p>The ticket is accepted only if its realm equals the configured primary realm and its
     * server principal name equals either the configured service principal name or the server
     * principal name built from the request body. All comparisons use exact
     * {@code String.equals} / {@code equals} matching.
     *
     * <p>This method compares names only. Nothing here checks ticket lifetime, flags or
     * integrity; those checks must be enforced elsewhere in the request processing.
     *
     * @param tgsContext the context supplying the KDC configuration, the TGT and the request
     * @throws KerberosException with {@code ErrorType.KRB_AP_ERR_NOT_US} when the realm or the
     *         server name does not match
     */
    public static void verifyTgt( TicketGrantingContext tgsContext ) throws KerberosException
    {
        final KdcServer kdcConfig = tgsContext.getConfig();
        final Ticket ticket = tgsContext.getTgt();

        // Realm gate first: a ticket for another realm is rejected before any principal name is built.
        // NOTE(review): a null value from getRealm() would surface as a NullPointerException rather
        // than a KerberosException - confirm the ticket is validated before this call.
        final boolean issuedForPrimaryRealm = ticket.getRealm().equals( kdcConfig.getPrimaryRealm() );

        if ( !issuedForPrimaryRealm )
        {
            throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US );
        }

        final String ticketServerName =
            KerberosUtils.getKerberosPrincipal( ticket.getSName(), ticket.getRealm() ).getName();
        final String requestedServerName = KerberosUtils.getKerberosPrincipal(
            tgsContext.getRequest().getKdcReqBody().getSName(),
            tgsContext.getRequest().getKdcReqBody().getRealm() ).getName();

        /*
         * if (tgt.sname is not a TGT for local realm and is not req.sname)
         *     then error_out(KRB_AP_ERR_NOT_US);
         */

        // Accepted: the ticket names the KDC's own configured service principal.
        if ( ticketServerName.equals( kdcConfig.getServicePrincipal().getName() ) )
        {
            return;
        }

        // Accepted: the ticket names exactly the server the request asks for.
        if ( ticketServerName.equals( requestedServerName ) )
        {
            return;
        }

        throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US );
    }

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

     * <li>Section 3.3.2. Receipt of KRB_TGS_REQ Message -> 2nd paragraph
     * <li>Section 5.5.1. KRB_AP_REQ Definition -> Authenticator -> cksum
     */
    private static void verifyBodyChecksum( TicketGrantingContext tgsContext ) throws KerberosException
    {
        KdcServer config = tgsContext.getConfig();

        if ( config.isBodyChecksumVerified() )
        {
            KdcReqBody body = tgsContext.getRequest().getKdcReqBody();
            // FIXME how this byte[] is computed??
            // is it full ASN.1 encoded bytes OR just the bytes of all the values alone?
            // for now am using the ASN.1 encoded value

Examples of org.apache.directory.server.kerberos.kdc.KdcServer

            request.getKdcReqBody().getSName(), request.getKdcReqBody().getRealm() );

        EncryptionType encryptionType = tgsContext.getEncryptionType();
        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );

        KdcServer config = tgsContext.getConfig();

        EncTicketPart newTicketPart = new EncTicketPart();

        newTicketPart.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );