bug fix for native kerberos libraries
Weijun Wang
weijun.wang at oracle.com
Fri Oct 19 01:11:33 UTC 2012
Hi Christos
You mean the exception thrown in NativeGSSFactory.java lines 52-60?

    Vector<GSSCredElement> creds = GSSUtil.searchSubject
        (name, mech, initiate, GSSCredElement.class);
    // If Subject is present but no native creds available
    if (creds != null && creds.isEmpty()) {
        if (GSSUtil.useSubjectCredsOnly(caller)) {
            throw new GSSException(GSSException.NO_CRED);
        }
    }

Why would you leave GSSUtil.useSubjectCredsOnly to be true? IMHO, there
is no need to call JGSS through JAAS when you are using a native provider.
Thanks
Max
On 10/19/2012 05:26 AM, Sean Mullan wrote:
>
> (Forwarding to security-dev as this should be discussed in that group, not
> core-libs).
>
> On 10/18/12 5:02 PM, christos at zoulas.com wrote:
>> Hello,
>>
>> This simple fix allows kerberos authentication to work with:
>>
>> -Dsun.security.jgss.native=true
>>
>> and microsoft's sqljdbc 4.0.2206.100 driver.
>>
>> Enjoy,
>>
>> christos
>>
>> --- a/java/src/sun/security/jgss/GSSUtil.java Mon Oct 15 17:43:08 2012 -0400
>> +++ b/java/src/sun/security/jgss/GSSUtil.java Mon Oct 15 17:44:28 2012 -0400
>> @@ -333,10 +333,19 @@
>> Subject accSubj = Subject.getSubject(acc);
>> Vector<GSSCredentialSpi> result = null;
>> if (accSubj != null) {
>> - result = new Vector<GSSCredentialSpi>();
>> Iterator<GSSCredentialImpl> iterator =
>> accSubj.getPrivateCredentials
>> (GSSCredentialImpl.class).iterator();
>> + // GSSCredentialImpl is only implemented in
>> + // the non-native kerberos implementation,
>> + // so if we don't get any elements here
>> + // assume native and return null so that
>> + // searchSubject does not fail. A better
>> + // fix is to implement the code that handles
>> + // this in native java.
>> + if (!iterator.hasNext())
>> + return null;
>> + result = new Vector<GSSCredentialSpi>();
>> while (iterator.hasNext()) {
>> GSSCredentialImpl cred = iterator.next();
>> debug("...Found cred" + cred);
>>
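
Review bot: The added `if (!iterator.hasNext()) return null;` infers "native" from an empty credential set instead of testing which provider is in use, so a Subject that simply holds no GSSCredentialImpl is now reported the same way as no Subject at all. In the NativeGSSFactory lines quoted in the reply above, a non-null but empty result is exactly what reaches the `GSSUtil.useSubjectCredsOnly(caller)` check and `GSSException.NO_CRED`; if this null propagates to that caller, as the in-code comment about searchSubject suggests, the check is skipped for every caller, including ones that rely on subject-creds-only behaviour. Consider gating the early return on an explicit test of the native setting, or keeping the empty Vector and handling the native case at the point where NO_CRED is thrown. The single-statement `if` should also get braces to match the surrounding code.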