Code review request: 7201053: Krb5LoginModule shows NPE when both useTicketCache and storeKey are set to true
Sean Mullan
sean.mullan at oracle.com
Fri Oct 5 13:37:53 UTC 2012
On 9/26/12 12:30 AM, Weijun Wang wrote:
> Hi All
>
> Please take a look at
>
> http://cr.openjdk.java.net/~weijun/7201053/webrev.00/
Looks fine to me.
--Sean
>
> In fact, even without this code change, LoginContext would wrap the NPE
> inside a LoginException so no real harm will be made. However, it's
> always nice to check for null before reference a variable, and an NPE
> (no matter as a cause or in the message) is not user friendly.
>
> Thanks
> Max
>
>
> -------- Original Message --------
> 7201053: Krb5LoginModule shows NPE when both useTicketCache and storeKey
> are set to true
>
> === *Description*
> ============================================================
> useTicketCache normally used in the intiator side, and storeKey on the
> acceptor side. When both are set to true, and a valid TGT is found
> inside the cache, no password or keytab will be required, and therefore
> no key to store.
>
> This combination is useless and should have been set to illegal.
> However, some customers simply set a lot of arguments to true and this
> will actually work if password or key is used. We don't want to break
> their programs.
>
> For this case, when there is no key but storeKey is true, a proper
> LoginException should be thrown. This is also consistent with the JDK 6
> behavior.
>
More information about the security-dev
mailing list