JDK-4828191

Krb5LoginModule not able to find the right path to get ticketcache on W2K


    • 06
    • x86
    • windows_2000

        Platforms
        Win2K
        JDK Build
        Since merlin (jdk1.4.1) and all mantis builds (till b17)

        Descriptions:
        Use Case
        1. set the following in the jaas.conf file
           a. set useTicketCache = true
           b. principal = < principal name >
           c. do not specify
              ticketCache=< file name >
              so the default location will be searched for the ticket cache
        2. preset the ticket cache using the kinit command
        3. run a java program to do a JAAS login; the LoginModule should then be
           able to authenticate the user from the default ticket cache without
           asking for a password

        How to reproduce
        1. Prepare for the testing
           a. you should have a KDC server configured.
              Here is the one that I used
              hostname: impulse.sfbay.sun.com
              REALM: JAVASOFT5.SFBAY.SUN.COM
           b. set up a principal on that KDC server
              i.e.
              ###@###.###
           c. create jaas.conf as follows
              bisquit:/home/stuartk/JGSS/KINIT/Test2( 202 )%cat jaas.conf
              test.KerberosClient {
                  com.sun.security.auth.module.Krb5LoginModule required
                  principal=dummy
                  useTicketCache=true
                  debug=true;
              };
           d. create krb5.conf which contains
              JAVASOFT5.SFBAY.SUN.COM = {
                  kdc = impulse.sfbay.sun.com
                  admin_server = impulse.sfbay.sun.com
              }
           e. Here is the Java Code
        bisquit:/home/stuartk/JGSS/KINIT/Test2( 206 )%cat Test.java
        import javax.security.auth.login.LoginContext;
        import javax.security.auth.Subject;
        import javax.security.auth.kerberos.KerberosTicket;

        public class Test {
            public static void main(String[] args) throws Exception {
                LoginContext lc = new LoginContext("test.KerberosClient");
                lc.login();
                Subject s = lc.getSubject();
                KerberosTicket ticket = (KerberosTicket)
                    s.getPrivateCredentials(KerberosTicket.class).iterator().next();
                if (ticket.isForwardable()) {
                    System.out.println("The ticket is forwardable");
                } else {
                    System.out.println("The ticket is not forwardable");
                }
                System.out.println(ticket);
            }
        }

        2. go to any Windows 2000 machine
        3. set JAVA_HOME to the JDK you want to test
        4. use the following command to create the ticket cache
        $JAVA_HOME/bin/kinit -J-Djava.security.krb5.kdc=impulse.sfbay.sun.com -J-Djava.security.krb5.realm=JAVASOFT5.SFBAY.SUN.COM -f dummy bogus
        5. Here is the command to show the ticket cache
        $JAVA_HOME/bin/klist -f -e
        6. compile your java code
        $JAVA_HOME/bin/javac Test.java
        7. then run the java code to reproduce the failures
        $JAVA_HOME/bin/java -Djava.security.auth.login.config=jaas.conf -Djava.security.krb5.conf=krb5.conf Test
        8. you will see
        Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab
        is null refreshKrb5Config is false principal is dummy tryFirstPass is false useFirstPass is false storePass is
        false clearPass is false
        Principal is ###@###.###
        null credentials from Ticket Cache
        javax.security.auth.login.LoginException: java.lang.NullPointerException
            at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:691)
            at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:568)
            at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
            at Test.main(Test.java:8)

            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:730)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
            at Test.main(Test.java:8)
        Exception in thread "main"

        Note:
           1. This test passes on Solaris, Linux, Windows NT and Windows XP
           2. The Java code is from Seema Malkani

              smalkanisunw Seema Malkani (Inactive)
              skesunw Stuart Ke (Inactive)
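
Added example (not part of the original report and not JDK code): a cache-only variant of the test above that sets doNotPrompt=true, so a ticket-cache miss is reported as a LoginException instead of falling through to the password-prompt path seen in the stack trace. The class name CacheOnlyLogin and the helper names are hypothetical; the default cache path is the fallback location given in the Krb5LoginModule documentation, and it is an assumption that the JDK under test uses it.

```java
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class CacheOnlyLogin {
    // Fallback location documented for Krb5LoginModule when no ticketCache
    // option is given: {user.home}{file.separator}krb5cc_{user.name}
    static File documentedDefaultCache() {
        return new File(System.getProperty("user.home"),
                        "krb5cc_" + System.getProperty("user.name"));
    }

    // Same options as the report's jaas.conf, plus doNotPrompt=true.
    static Configuration cacheOnly(final String principal) {
        final Map<String, String> opts = new HashMap<>();
        opts.put("principal", principal);
        opts.put("useTicketCache", "true");
        opts.put("doNotPrompt", "true");
        opts.put("debug", "true");
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
    }

    public static void main(String[] args) {
        File cache = documentedDefaultCache();
        System.out.println("Default cache " + cache + " exists=" + cache.isFile());
        try {
            LoginContext lc = new LoginContext("test.KerberosClient", null, null,
                                               cacheOnly("dummy"));
            lc.login();
            for (KerberosTicket t : lc.getSubject()
                    .getPrivateCredentials(KerberosTicket.class)) {
                System.out.println("TGT from cache for " + t.getClient());
            }
        } catch (LoginException e) {
            // A cache miss surfaces here rather than at a password prompt.
            System.err.println("Ticket cache login failed: " + e.getMessage());
        }
    }
}
```

Run it with the same -Djava.security.krb5.conf=krb5.conf setting as step 7; the jaas.conf file is not needed because the configuration is supplied in code.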