bug fix for native kerberos libraries
Christos Zoulas
christos at zoulas.com
Fri Oct 19 15:17:12 UTC 2012
On Oct 19, 8:50am, christos at zoulas.com (Christos Zoulas) wrote:
-- Subject: Re: bug fix for native kerberos libraries
Hi Weijun,
I verified that setting -Djavax.security.auth.useSubjectCredsOnly=false
fixes this issue, but then unless I brought in my other patch from jdk6,
I get:
javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication
Someone should fix the typo in the exception string, but also why do I need
this?
Thanks,
christos
--- bsd-port/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java 2011-07-17 20:36:08.000000000 -0400
+++ ./Krb5LoginModule.java 2012-10-19 10:51:02.027729713 -0400
@@ -624,6 +624,29 @@
// ticketCacheName == null implies the default cache
if (debug)
System.out.println("Acquire TGT from Cache");
+ if (ticketCacheName == null) {
+ /*
+ * http://docs.oracle.com/cd/E19082-01/819-2252/\
+ * 6n4i8rtr3/index.html
+ */
+ String krb5CCName = System.getenv("KRB5CCNAME");
+ if (krb5CCName != null) {
+ final String filePrefix = "FILE:";
+ final String memoryPrefix = "MEMORY:";
+ if (krb5CCName.startsWith(filePrefix))
+ ticketCacheName = krb5CCName.substring(
+ filePrefix.length());
+ else if (krb5CCName.startsWith(memoryPrefix))
+ ticketCacheName = krb5CCName.substring(
+ memoryPrefix.length());
+ else
+ ticketCacheName = krb5CCName;
+ if (debug)
+ System.out.println("Located ticket cache "
+ + ticketCacheName
+ + " through environment variable KRB5CCNAME.");
+ }
+ }
cred = Credentials.acquireTGTFromCache
(principal, ticketCacheName);
More information about the security-dev
mailing list