[rfc][icedtea7] Handle alternative Kerberos credential cache locations

Elliott Baron ebaron at redhat.com
Wed Aug 14 09:11:29 PDT 2013


Hi Andrew,

On 08/14/2013 11:57 AM, Andrew Haley wrote:
> On 08/13/2013 11:07 PM, Elliott Baron wrote:
>> Kerberos 1.11 introduced a new configuration variable to override the
>> default location of the credential cache at build time. Fedora 18 and up
>> have used this new configuration variable to define an alternate default
>> cache location (/run/user/$UID/krb5cc/tkt). This bug was initially
>> reported against Fedora [1].
>>
>> On Linux and Solaris systems, FileCredentialsCache.getDefaultCacheName()
>> defaults to the previously hard-coded location (/tmp/krb5cc_$UID). This
>> location will be incorrect if Kerberos was built with an alternative
>> credential cache location set. Since this credential cache location can
>> be arbitrary, we need to query the Kerberos API for the correct
>> location. This patch implements this query using a new JNI call, which
>> adds a dependency on libkrb5 for Linux and Solaris systems.
>>
>> This patch was prepared against icedtea7-forest/jdk, changeset afaedb56b499.
> Is this really an IcedTea-specific bug?
>
> Andrew.
>

It's not specific to IcedTea. I will also post the patch to the OpenJDK 
security-dev list.

Thanks,
Elliott
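
The mismatch described in the quoted message, as an added example that is not part of the e-mail or of the patch: it classifies a cache name, in the form libkrb5 reports it (for example from krb5_cc_default_name()), against the legacy /tmp/krb5cc_$UID path. The function names, the enum and the sample names for uid 1000 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of comparing the library-reported cache name with the legacy path. */
enum cc_check { CC_LEGACY_OK, CC_FILE_ELSEWHERE, CC_NOT_A_FILE };

/* Legacy default described in the thread: /tmp/krb5cc_$UID. */
static void legacy_ccache_path(unsigned long uid, char *out, size_t n) {
    snprintf(out, n, "/tmp/krb5cc_%lu", uid);
}

/*
 * reported: cache name as libkrb5 would report it (assumed to come from
 * krb5_cc_default_name()), either a bare path or "TYPE:residual".
 * On return, *path points at the file path inside `reported` when the cache
 * is a single file, otherwise NULL.
 */
static enum cc_check check_ccache(const char *reported, unsigned long uid,
                                  const char **path) {
    char legacy[64];
    const char *colon = strchr(reported, ':');
    *path = reported;                       /* bare path means type FILE */
    if (reported[0] != '/' && colon != NULL) {
        if (strncmp(reported, "FILE:", 5) != 0) {
            *path = NULL;                   /* DIR:, KEYRING:, ... */
            return CC_NOT_A_FILE;
        }
        *path = colon + 1;
    }
    legacy_ccache_path(uid, legacy, sizeof legacy);
    return strcmp(*path, legacy) == 0 ? CC_LEGACY_OK : CC_FILE_ELSEWHERE;
}

int main(void) {
    /* Constructed sample names for uid 1000; the second is the Fedora layout. */
    const char *samples[] = { "FILE:/tmp/krb5cc_1000",
                              "/run/user/1000/krb5cc/tkt",
                              "DIR:/run/user/1000/krb5cc" };
    static const char *label[] = { "legacy path works", "file elsewhere",
                                   "not a single file" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *p;
        enum cc_check r = check_ccache(samples[i], 1000UL, &p);
        printf("%-28s -> %s (%s)\n", samples[i], label[r], p ? p : "-");
    }
    return 0;
}
```

Only the first result is a case where a reader that hard-codes /tmp/krb5cc_$UID finds the ticket; in the other two it reports no credentials even though a valid cache exists.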



More information about the distro-pkg-dev mailing list