bug fix for native kerberos libraries

Christos Zoulas christos at zoulas.com
Fri Oct 19 12:50:48 UTC 2012


On Oct 19,  9:11am, weijun.wang at oracle.com (Weijun Wang) wrote:
-- Subject: Re: bug fix for native kerberos libraries

| Hi Christos
| 
| You mean the exception thrown in NativeGSSFactory.java lines 52-60?
| 
|          Vector<GSSCredElement> creds = GSSUtil.searchSubject
|              (name, mech, initiate, GSSCredElement.class);
| 
|          // If Subject is present but no native creds available
|          if (creds != null && creds.isEmpty()) {
|              if (GSSUtil.useSubjectCredsOnly(caller)) {
|                  throw new GSSException(GSSException.NO_CRED);
|              }
|          }
| 
| Why would you leave GSSUtil.useSubjectCredsOnly to be true? IMHO, there 
| is no need to call JGSS through JAAS when you are using a native provider.

Yes, I guess this is new with JDK 7. Thanks I will try that!

christos



More information about the security-dev mailing list