Failing to authenticate when used against MIT Kerberos Server #323
Open
Describe the bug
The library seems to be failing when trying to talk to MIT Kerberos Server. I've set up a test MIT Kerberos Server, created a principal, and am trying to use Kerberos.NET to obtain a TGT. This is failing with:

```
System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at Kerberos.NET.Transport.Tcp.ReadFromStream(Memory`1 readResponse, NetworkStream stream, CancellationToken cancellation, TimeSpan readTimeout) in D:\a\1\s\Kerberos.NET\Transport\Tcp.cs:line 57
   at Kerberos.NET.Transport.TcpKerberosTransport.ReadResponse[T](NetworkStream stream, CancellationToken cancellation, TimeSpan readTimeout) in D:\a\1\s\Kerberos.NET\Client\Transport\TcpKerberosTransport.cs:line 129
   at Kerberos.NET.Transport.TcpKerberosTransport.SendMessage[T](String domain, ReadOnlyMemory`1 encoded, CancellationToken cancellation)
   at Kerberos.NET.Transport.KerberosTransportSelector.SendMessage[T](String domain, ReadOnlyMemory`1 encoded, CancellationToken cancellation)
   at Kerberos.NET.Client.KerberosClient.RequestTgt(KerberosCredential credential) in D:\a\1\s\Kerberos.NET\Client\KerberosClient.cs:line 1205
   at Kerberos.NET.Client.KerberosClient.AuthenticateCredential(KerberosCredential credential) in D:\a\1\s\Kerberos.NET\Client\KerberosClient.cs:line 374
   at Kerberos.NET.Client.KerberosClient.Authenticate(KerberosCredential credential) in D:\a\1\s\Kerberos.NET\Client\KerberosClient.cs:line 357
   at UserQuery.Main() in C:\Users\astakhov\AppData\Local\Temp\LINQPad7\_mkttxexs\eshxoi\LINQPadQuery:line 15
```

I am able to authenticate with kinit without issues.
To Reproduce
- Create a docker-compose file like this:

```yaml
version: '3.0'
services:
  demo:
    image: gcavalcante8808/krb5-server
    ports:
      - '88:88'
      - '749:749'
      - '464:464'
      - '888:888'
    environment:
      KRB5_REALM: MACSUX.DC
      KRB5_KDC: localhost
      KRB5_PASS: password
```

- Launch the server from shell via the `docker-compose up` command
- Add user to the kerberos server by executing the following command (adjust container name if necessary):

```
docker exec krb-test-server-demo-1 /bin/sh -c "echo password | kadmin -r MACSUX.DC -p admin/admin@MACSUX.DC -q 'addprinc -pw password iwasvc@MACSUX.DC'"
```

- Try to authenticate to this server via a program like this:

```csharp
var realm = "MACSUX.DC";
var config = Krb5Config.Default();
config.Realms[realm].Kdc.Add("localhost");
config.Realms[realm].DefaultDomain = realm.ToLower();
config.DomainRealm.Add(realm.ToLower(), realm.ToUpper());
config.DomainRealm.Add($".{realm.ToLower()}", realm.ToUpper());
var client = new KerberosClient(config);
var credentials = new Kerberos.NET.Credentials.KerberosPasswordCredential("iwasvc", "password", "macsux.dc");
await client.Authenticate(credentials);
```

Linqpad snippet: http://share.linqpad.net/stcnk6.linq
Expected behavior
Authentication successful
Additional context
Tested on Windows with server running in docker. kinit test was performed from WSL and was successful.
