[rfc][icedtea7] Handle alternative Kerberos credential cache locations

Andrew Hughes gnu.andrew at redhat.com
Wed Sep 4 04:45:40 PDT 2013


----- Original Message -----
> Hi,
> 
> Kerberos 1.11 introduced a new configuration variable to override the
> default location of the credential cache at build time. Fedora 18 and up
> have used this new configuration variable to define an alternate default
> cache location (/run/user/$UID/krb5cc/tkt). This bug was initially
> reported against Fedora [1].
> 
> On Linux and Solaris systems, FileCredentialsCache.getDefaultCacheName()
> defaults to the previously hard-coded location (/tmp/krb5cc_$UID). This
> location will be incorrect if Kerberos was built with an alternative
> credential cache location set. Since this credential cache location can
> be arbitrary, we need to query the Kerberos API for the correct
> location. This patch implements this query using a new JNI call, which
> adds a dependency on libkrb5 for Linux and Solaris systems.
> 
> This patch was prepared against icedtea7-forest/jdk, changeset afaedb56b499.
> 
> 2013-08-12  Elliott Baron <ebaron at redhat.com>
>      * make/sun/security/Makefile: Build krb5/internal/ccache on Linux
> and Solaris.
>      *
> src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java:
> Replace
>      hard-coded cache location with native call to Kerberos API.
>      * make/sun/security/krb5/internal/ccache/Makefile: New file; builds
> JNI wrapper for
>      needed Kerberos API.
>      *
> src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c: New
> file; JNI function
>      to query default cache location from Kerberos API.
> 
> Thanks,
> Elliott
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=991170
> 
> 

I had to make some further changes.  I didn't realise that it was introducing
a new library dependency and, indeed, hardcoding -lkrb5.  I'd assumed that was
already present.

http://icedtea.classpath.org/hg/icedtea7-forest/jdk/rev/fd4289593675
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07




More information about the distro-pkg-dev mailing list