bug fix for native kerberos libraries
Weijun Wang
weijun.wang at oracle.com
Mon Oct 22 00:17:38 UTC 2012
You are still using JAAS? There is no need to call Krb5LoginModule or
read credentials cache yourself if you are using native kerberos. Just
call JGSS APIs directly.
Thanks
Weijun
On 10/19/2012 11:17 PM, christos at zoulas.com wrote:
> On Oct 19, 8:50am, christos at zoulas.com (Christos Zoulas) wrote:
> -- Subject: Re: bug fix for native kerberos libraries
>
> Hi Weijun,
>
> I verified that setting -Djavax.security.auth.useSubjectCredsOnly=false
> fixes this issue, but then unless I brought in my other patch from jdk6,
> I get:
> javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication
>
> Someone should fix the typo in the exception string, but also why do I need
> this?
>
> Thanks,
>
> christos
>
> --- bsd-port/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java 2011-07-17 20:36:08.000000000 -0400
> +++ ./Krb5LoginModule.java 2012-10-19 10:51:02.027729713 -0400
> @@ -624,6 +624,29 @@
> // ticketCacheName == null implies the default cache
> if (debug)
> System.out.println("Acquire TGT from Cache");
> + if (ticketCacheName == null) {
> + /*
> + * http://docs.oracle.com/cd/E19082-01/819-2252/\
> + * 6n4i8rtr3/index.html
> + */
> + String krb5CCName = System.getenv("KRB5CCNAME");
> + if (krb5CCName != null) {
> + final String filePrefix = "FILE:";
> + final String memoryPrefix = "MEMORY:";
> + if (krb5CCName.startsWith(filePrefix))
> + ticketCacheName = krb5CCName.substring(
> + filePrefix.length());
> + else if (krb5CCName.startsWith(memoryPrefix))
> + ticketCacheName = krb5CCName.substring(
> + memoryPrefix.length());
> + else
> + ticketCacheName = krb5CCName;
> + if (debug)
> + System.out.println("Located ticket cache "
> + + ticketCacheName
> + + " through environment variable KRB5CCNAME.");
> + }
> + }
> cred = Credentials.acquireTGTFromCache
> (principal, ticketCacheName);
>
>
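Review bot: the `else if (krb5CCName.startsWith(memoryPrefix))` branch strips `MEMORY:` and hands the remainder to `Credentials.acquireTGTFromCache` as if it were a file name. A memory cache has no file behind it, so the lookup would run against whatever path that string happens to name. Suggest accepting only `FILE:` and values with no type prefix, and leaving `ticketCacheName` null (with a debug message) for anything else; as written, the final `else` also passes any other typed value through verbatim as a path. The URL in the comment is split across two lines with a backslash and is hard to follow; a one-line description of what it documents would help.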