Skip to content

Unmute Kerberos integ tests #80538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 9, 2021
Merged

Unmute Kerberos integ tests #80538

merged 1 commit into from
Nov 9, 2021

Conversation

jkakavas
Copy link
Member

@jkakavas jkakavas commented Nov 9, 2021

We used to default enctypes to des3-cbc-sha1-kd but with JDK17,
weak encryption types are disabled by default. This caused our
Kerberos integration tests to fail with an
sun.security.krb5.KrbException: no supported default etypes for default_tkt_enctypes exception.

We have since changed our default encryption type to
aes256-cts-hmac-sha1-96 in #78703 and we can unmute these tests
now.

@jkakavas
Unmute Kerberos integ tests
28aad27 
We used to default enctypes to des3-cbc-sha1-kd but with JDK17,
weak encryption types are disabled by default. This caused our
Kerberos integration tests to fail with an
`sun.security.krb5.KrbException: no supported default etypes for
default_tkt_enctypes` exception.

We have since changed our default encryption type to
aes256-cts-hmac-sha1-96 in elastic#78703 and we can unmute these tests
now.
@jkakavas jkakavas added >test Issues or PRs that are addressing/adding tests :Security/Security Security issues without another label v8.0.0 auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) auto-backport-and-merge v7.16.1 labels Nov 9, 2021
@jkakavas jkakavas requested a review from masseyke November 9, 2021 14:05
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Nov 9, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine elasticsearchmachine merged commit 0a3d220 into elastic:master Nov 9, 2021
@jkakavas jkakavas mentioned this pull request Nov 9, 2021
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Nov 9, 2021
@jkakavas
Unmute Kerberos integ tests (elastic#80538)
dcb756e 
We used to default enctypes to des3-cbc-sha1-kd but with JDK17, weak
encryption types are disabled by default. This caused our Kerberos
integration tests to fail with an `sun.security.krb5.KrbException: no
supported default etypes for default_tkt_enctypes` exception. We have
since changed our default encryption type to aes256-cts-hmac-sha1-96 in
elastic#78703 and we can unmute these tests now.
@elasticsearchmachine
Copy link
Collaborator

💔 Backport failed

Status Branch Result
8.0
7.16 Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 80538

@jkakavas jkakavas mentioned this pull request Nov 9, 2021
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Nov 9, 2021
@jkakavas
Unmute Kerberos integ tests (elastic#80538)
e33fd73 
We used to default enctypes to des3-cbc-sha1-kd but with JDK17, weak
encryption types are disabled by default. This caused our Kerberos
integration tests to fail with an `sun.security.krb5.KrbException: no
supported default etypes for default_tkt_enctypes` exception. We have
since changed our default encryption type to aes256-cts-hmac-sha1-96 in
elastic#78703 and we can unmute these tests now.
# Conflicts:
#	x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java
elasticsearchmachine pushed a commit that referenced this pull request Nov 9, 2021
@jkakavas
Unmute Kerberos integ tests (#80538) (#80542)
e936a06 
We used to default enctypes to des3-cbc-sha1-kd but with JDK17, weak
encryption types are disabled by default. This caused our Kerberos
integration tests to fail with an `sun.security.krb5.KrbException: no
supported default etypes for default_tkt_enctypes` exception. We have
since changed our default encryption type to aes256-cts-hmac-sha1-96 in
#78703 and we can unmute these tests now.
jkakavas added a commit that referenced this pull request Nov 9, 2021
@jkakavas
[7.16] Unmute Kerberos integ tests (#80538) (#80543)
52ad3f9 
We used to default enctypes to des3-cbc-sha1-kd but with JDK17, weak
encryption types are disabled by default. This caused our Kerberos
integration tests to fail with an `sun.security.krb5.KrbException: no
supported default etypes for default_tkt_enctypes` exception. We have
since changed our default encryption type to aes256-cts-hmac-sha1-96 in
#78703 and we can unmute these tests now.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masseyke masseyke Awaiting requested review from masseyke

Assignees
No one assigned
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) :Security/Security Security issues without another label Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v7.16.0 v8.0.0-rc2 v8.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jkakavas @elasticmachine @elasticsearchmachine @pugnascotia @danhermann