Kerberos codes in Apple's Java
Weijun Wang
weijun.wang at oracle.com
Thu Dec 1 14:54:57 UTC 2011
Hi Bino
>> 2. Reading native memory-based credentials cache into Credentials objects
>
> I don't think we do this in JDK6 either.
I just tried OS X's builtin kinit and klist command:
$ kinit dummy
Please enter the password for dummy at THREE.LOCAL:
$ klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
...
So here the ccache name is "API:Initial default ccache", which looks
like an in-memory ccache. At least I cannot find normal file-based
ccache file named /tmp/krb5cc_**.
There is also a difference between Apple's JDK 6u29 and the current
macosx-port OpenJDK build when calling the following method:
sun.security.krb5,Credentials.acquireTGTFromCache()
It returns a valid credential (which is identical to the klist output)
in Apple's 6u29, but the macosx-port one returns null. So it seems the
Apple JDK can see the special ccache object but macosx-port cannot.
Thanks
Max
>
> Regards
> Bino.
>
>
>
> On Oct 14, 2011, at 10:38 AM, Weijun Wang wrote:
>
>> Hi Mike
>>
>> I'm working in the Java SE Security Team in Oracle. Apple's JRE (at
>> least in the JDK 6 releases) supports some extra Kerberos features for
>> OS X. As I know, at least there are:
>>
>> 1. Looking for krb5.conf at /Library/Preferences/edu.mit.Kerberos
>> 2. Reading native memory-based credentials cache into Credentials objects
>>
>> I didn't see them on the Project Status page [1]. Is it because they
>> are too trivial to be listed or you're not going to support them?
>>
>> Thanks
>> Max
>>
>> [1] http://wikis.sun.com/display/OpenJDK/Mac+OS+X+Port+Project+Status
>
More information about the security-dev
mailing list