-
Enhancement
-
Resolution: Fixed
-
P3
-
5.0
-
b63
-
x86
-
linux
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2132501 | 5.0u7 | Weijun Wang | P3 | Resolved | Fixed | b01 |
| JDK-2132539 | 1.4.2_12 | Hao Dong | P3 | Resolved | Fixed | b02 |
A DESCRIPTION OF THE REQUEST :
The JGSS Kerberos implementation expects the credential cache file specified in KRB5CCNAME to be stored in network (big-endian) byte order.
However, the file created by the kinit(1) distributed with other kerberos vendors(e.g. MIT) is stored in host byte order. This means that on little-endian architectures used for Linux and win32 hosts the file cannot be read in Java without using the kinit distributed with Java.
JUSTIFICATION :
The purpose of kerberos is single sign-on. With a very small change-- simply toggling the byte order of integers in the credential cache file depending on the host architecture, JGSS could cleanly interoperate with existing kerberos implemenations.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
JGSS should create and read the kerberos credential cache file in a byte order dependent on the host architecture.
ACTUAL -
JGSS creates and reads the kerberos credential cache file in big endian byte order only.
CUSTOMER SUBMITTED WORKAROUND :
The temporary solution is to rewrite the credential cache into the correct byte order before JGSS attempts to use it. This is a huge hack and requires parsing the non-trivial binary ticket file format.
The JGSS Kerberos implementation expects the credential cache file specified in KRB5CCNAME to be stored in network (big-endian) byte order.
However, the file created by the kinit(1) distributed with other kerberos vendors(e.g. MIT) is stored in host byte order. This means that on little-endian architectures used for Linux and win32 hosts the file cannot be read in Java without using the kinit distributed with Java.
JUSTIFICATION :
The purpose of kerberos is single sign-on. With a very small change-- simply toggling the byte order of integers in the credential cache file depending on the host architecture, JGSS could cleanly interoperate with existing kerberos implemenations.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
JGSS should create and read the kerberos credential cache file in a byte order dependent on the host architecture.
ACTUAL -
JGSS creates and reads the kerberos credential cache file in big endian byte order only.
CUSTOMER SUBMITTED WORKAROUND :
The temporary solution is to rewrite the credential cache into the correct byte order before JGSS attempts to use it. This is a huge hack and requires parsing the non-trivial binary ticket file format.
- backported by
-
JDK-2132501 JGSS requires big-endian credential cache
-
- Resolved
-
-
-
- Resolved
-