gokrb5: ClientClaimsInfo error parsing byte stream headers: Malformed NDR steam: Not enough bytes.
Hi,
We use this library as part of https://github.com/wintoncode/vault-plugin-auth-kerberos.
We have a working setup that accepts kerberos ticket issued on linux host. However when we run with tickets issued from our windows 10 boxes we get ClientClaimsInfo error. Both windows and linux machines are on the same domain.
A bit more background around the kerberos ticket generated on linux and windows: Windows kerberos token as python string:
YIILIgYGKwYBBQUCoIILFjCCCxKgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCCtwEggrYYIIK1AYJKoZIhvcSAQICAQBuggrDMIIKv6ADAgEFoQMCAQ6iBwMFACAAAACjggjbYYII1zCCCNOgAwIBBaETGxFCTFVFTElaQVJELk9SRy5VS6IqMCigAwIBAqEhMB8bBEhUVFAbF3ZhdWx0LmJsdWVsaXphcmQub3JnLnVro4IIiTCCCIWgAwIBEqEDAgECooIIdwSCCHOTqWc17i++LtrEf0TvdSx2QmB0t0NGxedGs/IzFz5fH6yVeosOssTB7q2WHxynv5/dtf/5kWx2sdDw9iktgvsGiUyTmTHNo7tijSmVJXhHiwXLDx6O99zORWwqNtADmtUPIsUfwAEkTuXNF+VsW6R0AoNuG4WlznCfcu9xdqnr/9GIgudkCnbNfMJ4nbIZSyEC6UqZSGakBd9wCXJ5opKpOQo19t5q0md9YPhjs6GUzebXBpvvsOKlkoskdlsExVbLPN9lhIlx9ju0J1DbUzrT6dy06unXVD4EYpLOzKVxCV5GP3r4yJltemfQrCMI2rRLEbkI0Pja79oMOp1SwWqgBkUD2qsPlyFR6Ii0qdoA57XNz2E24i8SFwaEn7ZsEq8ftFYxisfLYvJyyGUmv+gOl9PkOXuBanpwqr5ElD3kmsARABuFb7yxAV3FmiZ+H1FNVTgCGCtonWOpu/WZRv3JhBQMC06uqGNO31QRZGxCj1l9QrwlW8gVd/Z2ER0l7qG+J4ltOqHJG3CZ2RKU5bZIoN48HoLcB+NsYSkRK7i0r6krlsSS65xmwUsce1Jn/rccFW+BARfIuflRFR4Mi4ErTvtlLpsrHfY9YG2HwEzxmqPCzjP1/FP8/20XEPECbljO/oAXCtc2nFZ+cf4u0l96eyLBp+5fYsjzA8R6LsS+61L4MZjTJWC8PApUebyUSNzp+dzy3uxEk7iUEPTiJwu8CedAf7spoRvvw3pgtQjz/LD4D0wUsxxbPcVzCJJDO1z2Eu7XvS3hzZ3srD1mkAZpUmJkVtaiSEtBpyrjBd5ZpJxyOvhLe8i2Klz6ElGus9tNIJDELu58g+l1lOM4WiEzIdXRBCoHwO/DKbDABMBFmdU26TvKjNDUClMHY9z0RA9vhqtfW1ZERH4OTjZ1R5h18YzJnuF1Jo6KQqu/v+oC/Is7ara64mVvL2guJMAy3cMyZQxfPp9fJ1YSuubhou8SylaH7roNUIc3KXjSWB6aB0j6A1h5Kc6FSlzV8LKSV2cFkLwyRf8uVgyVLftYLYsmDBthkLmb1uSV21xf9e529FKQkhBtMMUdkAeMdTCXeINXrPQ60PXPU/vYjJEEgJGHiY2MwHbiwoWZPKeHnm4FvpgkfKB8MDBayT5IRp3QYE+ff1HDa3n7n1g80ydYCM4+XYs+G4tC5uuxNHTZMp1srhErzyznXlt6/YFVTOz35cSEZi6JQYdBv7apLDZe9Lbaa9bxp0V89gZHLcwvOoIuHhYakdTy7iT7FRosnDYjnAseNw3Opo1k7Lwo+ZfVqBZoLkw+YD35px22RM2KndkOQ1evBzF1q24XIFSqmjgCRqlZsHix7XlessXHesoVXJMaCS9JoHOHthGfG6kcP+i2Stmsb5EwgZd2wlAgQMAwMJjAgJNnxGW+4KL/H22qtof0apY7eAndRBrielP3t8ybqbotVVxfEdH2r6hTrzIHjrNST+2/dSo2LYmmX63tQN75QLB8p/JZcY5AcHvOdZRL7hh5TSZ0NuuKleuX+5NfW/xIBQIpF7jZzlrZCJny00KzAwnFAWGJ3y6AZYj/5/ZbLt/34kOp/F5FXi/SpEb7EYEXJ6JGHOL/65ejRRizK7q3n/hAcsOCEN7mF8QiwY80ljwEZmaHIebAKe+8xV8z8iVBcy2PKToymYGFxilchoZr3Qebi0u9CXXc49aQzm8ISQxXkcInkmPxfgV78OTDDjMWtzJbS+TsJW6i6AAFB7FlaSTVl697sQG9M0Rgnv9gUYGKjfNrLizuGdsKtJg/S/ybo0QPyd2CZCBQ7+LTkaR2VRmct5hnLM6l5YJuAg+t+dLZkrKG7+KDBWNfDlB0yNf0I7v6mi9ZSo16vHgoAIte61Clr5MNZEJ/rG2F2s5bhLh++4eTD2hTdU7Dm5O9gR4hP/7cjyXfbpZRMirNjLN/kENXla39GyHN35SXYzqbHYYm9pWMZE6vlWY8vVYYV0ZWblqRcZSw4mutzmNX6nmp6PZpEOAxuOONi4tRAvFnDEU1538ZCikxtzZXtB81JCzJVvjHcBUDx1+89SOdSU64XRJJie9r4CHmInJKlao1roiNSFOxKKSYGTBCuPXAdh4mHBcaJIf/i6kgBklgPghNpQLbwcZ6UH8Ba/i1qUnwm8lDx6dB6A9ZY15jAfsuscqufsvDbaXQQejDbSfYb1aVAvLJXi98otDM+A4f/p6G6e1XkRfQ5S/tzKRJpsx7we5br9lgPAKsDvdvDqyCEymKF/XzqOD/ior8uNhyv43IyDbUxDfOD1h1Wj1XD1g0zTS1NSoS1sWvlETMOGktr0TUQgpaO8YSaRXJpMJk8TLVT+JAijvkfhhRKx22c3+b3QZlID5DWFJO5zt7nRginejUlFOgaD2HYjLCCcxixy0rYVYvaApzP9u2YEMBqQNUV+zWSa674OhM2YsfSNw3xbt9pQt6P8qe9nKKy4yvORHaLDi+Ch6qE0j3LxTPpbEDC4fclX5zhykOXaXPoxmfXj2UrBylPAiG24lY9n+ua/qtf/w1ZNAunRzxnHGs2ecVHWSZ2EQ+CLA6VaoJzkKeX1sEjOHGTpqH3/FPPibx4VdYT9yE1rduO4nrMapMmyXEH0GrmvAQfJXfBpO9hTk94TbX4Oy5TSERf4ZQai0XsKKSI7V/WJEWP0hlgMp0BvEeqTIoOUQVNSLpd979JHWkYxf5axeEuAai/MXRpFV3WWx9AEs1yIw4RUx8lP2ijotuw7Swr3RIosII9U/sdTW+LqI3DAp88p4ZTuVNaYQm8NLfktZpfoYwIhn39j0uvuHig0Bqaw1qUNrhf4+5KCJ0ZTwLSnE8pcO2IIr3w0k5ovuMacObR50e0s1Lfgl6vtCd90zGGJCkggHJMIIBxaADAgESooIBvASCAbh5LtWE7NyyoqwdGlWqRs3Kjn67CifJjuNX0T48p/Qq3Ax+iN10ldb3OkhfUp9dDS6QhaIzTAar5q86pr8cT3XDQaQ2r+Jpx0pc6sdZj0gKgZhoaq61uPxIoz+PWg0ObW+yVAx6jIlt1+NepHe9g2qtBDEF3uu5tAyrg+X0wx89hujntg8IGsAuhfjR6D6920dPwaXKkpWWvnySDaj5Val6fTv+ncwHomtgOsUKPDhCmaIXZCG6k2r0dW0fjkU8VRhvNHMdNDrAWmUEhvDXGA3xmMcCrAxGzKsPOLEjaa7Cl2A2l4St3QG4jqTXxJVw+yNpY57OZTH/Yq2Jze8ZG8AqCuL+XyFDIdimo9jUEjjPPj8p4iaCD2Qs3dDxPaJVVD0ym55I4YJVqy8OPBUnvjjwfK5q/tdzXspvoZtoYhsJxCvxIfgVpz093Uihf4owtTKnfu2EcayNYGodRs4WmEcWST4uyskpijlMUjgfsT79F7YVPUENwCYWAS14YE2oQj22j/10ubEJtVty6QQLUHdOoBQGyZYx8rCO7FpSz69OR60atx6tyFschqZRt6IyWCvKeM6APh8RZA==
Linux Kerberos token as python string:
YIII3wYGKwYBBQUCoIII0zCCCM+gJzAlBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgIGBisGAQUCBaKCCKIEggieYIIImgYJKoZIhvcSAQICAQBuggiJMIIIhaADAgEFoQMCAQ6iBwMFACAAAACjggeRYYIHjTCCB4mgAwIBBaETGxFCTFVFTElaQVJELk9SRy5VS6IqMCigAwIBAaEhMB8bBEhUVFAbF3ZhdWx0LmJsdWVsaXphcmQub3JnLnVro4IHPzCCBzugAwIBEqEDAgECooIHLQSCBynmGSUEJ/8bCMlSNosAuluhIF8o48WLkdYLE8Spq5bQR3DAB9b6k/53ocrBuZiz2CK+Kh1Tgwy6pknu3mu7YeZfYGVXtZGjCOAiuqG/LmA34zoT4JqDsL4/spv/yGGAdf0Ak8JTWhZkJ7EO+6OqW0QCmaUfO63yfkbJHdbeKc7Fs3E+484P5C0XlJv0iX0vJc1ACSdqVKs5wea+WTnlD0WLy8D4OxuxroL9AoOZ1NEkkSlHfqfQ+oCuXed0pX6KJwixWhou2EPQ9oANw80tXsrtw9fGbr58425TQ/q5BbOuqLeymsaQYMfgK13WOU0sqWsNjusvpSsYyHbw2Jk7V3s5IqLLm58TWd55ou1be8TU0TC5SHC0R3yDZf69xkH9BKsX5FNAcPZ7SDdU2Hhgj3+AGUzMH27c9vOOqRKQLXiKpvMWTFx2x3YPYVCCeeZDst8i2/i7MwGYb13y/PcglDjwd2RTTzPJ9xlpFqDdjLhgnrckU7alxBKtHViOzSqWZLTKPHOQeFljRI41i0VHswy07xFzpJT1vlhGK39W4z+37p6oh5cB9rHiuH9yJE9U2WdlVHU1kZfNZLo14lM703zOGwjwTLci0mrdp7RBCr3UlifShMbB4psPDNC67Flk+Xk1fGfE3FWpi5BLLWcosRV37Yp4+Ws2hr4pFYA9WyEHn4+mMXp20+we6cpmAn1wHRWSSeElgw6jDUpIZonih2CCpGB1+4Zy4+s7x7Qe8hRtfM/gEyP+Cu0e8FUc/8/C7Tw0bimqle8qDVISFDABs3Z74vfdJ2c5NBVjyJAuBkccRFvmYndBAMwGM8zQcBnr4RwMhAOZ8YWtcloFDu7UwJhmCP89+e7tbZTzRpEVWkx/0n/LkEAr9elyT40PLbfnuHqFvTT8LVnHTIhx+Y9rLPkd9uu+72D7Ue3cRnGpZGEc+wtGfWnSVtJT7SFYluHGhll6HiIB88xGB1UMIAXKDVrwRocUxmS8PswotOcfNAORioY7ro4V1a146ia0NulmhpJs2uIq/MO7VFrDO4zjHO8CLv/3OkQGVlP+I9v8n43E74zyyrmOK3VZZWhNEm2Bxj4ORLxNn3sDsdEF3uv3g/ex3lqq07wLStc62F9V8IT8w38AkDDVU9v0Bh8we/jbMygwygyhBT6z4XxxAsxVGyppHTMbe8b13PJEna58GtBiSI/gld1y3wrVPtUKq/+bAzZQIge+Ez0CT94I8MLfHCQes7g6pYrXS0aD0S9k/CaCPdXnDfyhaQ7AyQ5I3+HwensQpp45hGkwWzGhWvdzC16AAeQYI25ZKnrmW1PrbRaKIXCf2+HIKtrtYhi085/hA4VIkddhdL1b/xLkIbIPLx1w/ktRaGk/GFfOze8O/OrnTt3dxfi//y68lUG0C8+XetIjbcA0BWCYVxbNvNf4xC7TFSyWxW0IZ5skWJ+QGWhxC5qTj36n+QhSxERKUqJOh+6BByigkc6KW1HQpW3q335qZeJGG6OmZDy6FEVDxajvPVj1pjJSflOAywMp6/Io7wRlNYrYLgFHUe8zx//YfJUKEWGSEPqhGwtZK22Jk6ciHBz2dnh0GHLvzTTYPflXMDt8CyP3Fwvi8l9b27o+6tkxlh0Mgwx85YxEtsyQLkKQOJR3d/ENHlpL9cDR0G2TEK7BZ3FuB1NUn8TbTsmVRxUUnuyPCAR95Zth1U9xDSjU/BKAI0roehunQkKfjBiIJ5hpckLtRSlB5t5bCwRoLBEWcMXhtxJhB8gqG6xyl1nuHr8LO5ZPE8iI4evQeimq/PY8j7XFnU2kl+Lwl6rRjK4nqPAB/nFd89ZDEKPvIwUSMLpX86dbTdVrF6HSgJLhMO+YybTl9CLQOykXPiV8C7d5t52YVRb0L8RJzy6VdpB0DlRLtasRuaOi2cpQAWBVJqSJVwn0F92c9ktC6voZT0Jtyk0W8rbTboLRkNUq2B9x/M4XYrlkxoTcWD+at4beKnETxAXJKVr724SN0X/lGwnAUtVCnDFBJANj7d018tK5v63ySOxYDbcQqYF9K3oogyN2XDwMhR4c0mi5mTkJesmdoeXSbcfkAWOI/287WDPUjf0U3XmDObeL1sH/4nNJAbWhMnf9/G9KnOUyDFXkoZsKYiVqHzcIez+c1EvLmomsQkUsxqwNCtzJf6RuclirU8TNb3CGtGQXd5As0X/1Na0VVoYBJ3U2aY2FI/FKimyH5v6ZmAlOCbik8SpBkFzpxU+G4TXxiC225x9/OSgfbCOfu8QnalGXMg4/rWpTOveAAI0mW6dVoFcxs5LYj8RbQD7y/+QGGHyW5VpCkOcs+0sSo2QOdj39cJooGQjj9bPW9JhTzQhhM7gmMt+r+j4YXecBvLatq46JXmoLzugFJy92U3benVocOILqJS9HWLf3lq4Vv6ADXghHSjs+/CByu81VEMVOnTxGDKikgdowgdegAwIBEqKBzwSBzECXugJvFhLJSMcd4y6OIKkCWRcv9rvulsPOAijpzzyio1Qr80D2eXpyJ2xGYobVhhbXAN50TAKIYBEUwKxbktiN+Tu33szQUm1ltqY3++6a7DBVry/r4Crp/PtiP2FXq0C6vi7XXsT5Ezkl7908sVNdUWUkfaFcN0b4Uawvxren4OdYw3FIuUUP2HW9XomAwIuAGOMRv0dmTCeV/hgtzfe2NSm01F4tZx6GikwL95gkvMXSwl4vhHbDN5itEaWSv0dlgTweC6FRZghSpQ==
We will add more info once we get them. Just keen to get this going.
Thanks.
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 31 (11 by maintainers)
Hi, I have investigated further and committed some new code to issue-156. Would you mind testing and see if this works for you? With regards to back porting to v4 I would prefer not to as this would be a lot of work on an old version. I am thinking of putting a PR into wintoncode/vault-plugin-auth-kerberos to up it to version 5.
@pault28 thanks for confirming. I have now issued release 5.3.0 with this included. I’m working on a PR to https://github.com/wintoncode/vault-plugin-auth-kerberos to upgrade it to this version of gokrb5.