[rfc][icedtea7] Handle alternative Kerberos credential cache locations
Elliott Baron
ebaron at redhat.com
Tue Aug 13 15:07:27 PDT 2013
Hi,

Kerberos 1.11 introduced a new configuration variable to override the
default location of the credential cache at build time. Fedora 18 and up
have used this new configuration variable to define an alternate default
cache location (/run/user/$UID/krb5cc/tkt). This bug was initially
reported against Fedora [1].

On Linux and Solaris systems, FileCredentialsCache.getDefaultCacheName()
defaults to the previously hard-coded location (/tmp/krb5cc_$UID). This
location will be incorrect if Kerberos was built with an alternative
credential cache location set. Since this credential cache location can
be arbitrary, we need to query the Kerberos API for the correct
location. This patch implements this query using a new JNI call, which
adds a dependency on libkrb5 for Linux and Solaris systems.

This patch was prepared against icedtea7-forest/jdk, changeset afaedb56b499.

2013-08-12  Elliott Baron  <ebaron at redhat.com>

	* make/sun/security/Makefile: Build krb5/internal/ccache on Linux
	and Solaris.
	* src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java:
	Replace hard-coded cache location with native call to Kerberos API.
	* make/sun/security/krb5/internal/ccache/Makefile: New file; builds
	JNI wrapper for needed Kerberos API.
	* src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c:
	New file; JNI function to query default cache location from
	Kerberos API.

Thanks,
Elliott
[1] https://bugzilla.redhat.com/show_bug.cgi?id=991170
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jdk-krb5-default-ccache-fix.patch
Type: text/x-patch
Size: 12437 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130813/8d93dafa/jdk-krb5-default-ccache-fix.patch
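
The query this message describes, as an added example (not the attached patch and not IcedTea code): it asks libkrb5 for the default cache name with krb5_cc_default_name() when built with -DHAVE_KRB5, otherwise falls back to KRB5CCNAME and the legacy /tmp path, then checks whether the name refers to a FILE cache that a file-only reader can open. The HAVE_KRB5 macro and both function names are assumptions of this example.

```c
/* Added example; HAVE_KRB5 and both function names are this example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_KRB5                 /* build: cc -DHAVE_KRB5 ccname.c -lkrb5 */
#include <krb5.h>
#endif

/* libkrb5 names a cache as "TYPE:residual". Return the path for a FILE cache
 * (or a bare absolute path, which libkrb5 treats as FILE); NULL otherwise. */
const char *ccache_file_path(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return NULL;
    if (strncmp(name, "FILE:", 5) == 0)
        return name[5] != '\0' ? name + 5 : NULL;
    return name[0] == '/' ? name : NULL;   /* DIR:, KEYRING:, MEMORY: -> NULL */
}

/* Write the default cache name into buf; 0 on success, -1 on failure. */
int default_ccache_name(char *buf, size_t len)
{
    int n;
#ifdef HAVE_KRB5
    krb5_context ctx;
    const char *name;
    if (krb5_init_context(&ctx) != 0)
        return -1;
    name = krb5_cc_default_name(ctx);  /* KRB5CCNAME, else configured default */
    n = name ? snprintf(buf, len, "%s", name) : -1;
    krb5_free_context(ctx);            /* name is owned by ctx: copy first */
#else   /* no libkrb5: environment override, then the legacy hard-coded path */
    const char *env = getenv("KRB5CCNAME");
    n = (env && *env) ? snprintf(buf, len, "%s", env)
        : snprintf(buf, len, "FILE:/tmp/krb5cc_%lu", (unsigned long)getuid());
#endif
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char name[4096];
    const char *path;
    if (default_ccache_name(name, sizeof name) != 0)
        return 1;
    path = ccache_file_path(name);
    printf("ccache: %s\nfile path: %s\n", name, path ? path : "(not FILE)");
    return 0;
}
```
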