JDK-6716534

Krb5LoginModule has not cleaned temp info between authentication attempts

Details

    • b31
    • generic
    • generic
    • Verified

    Description

      Krb5LoginModule's cleanState() does not clean all temporary information. When tryFirstPass=true is used, this means that if the password given in the sharedState is incorrect, the encryption keys generated from the wrong password are not cleaned before the second try. At the same time, the class uses only the existence of the keys to determine whether they need to be generated again. Hence, even if the correct password is provided on the second try, it is never used and the authentication always fails.
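
A simplified model of the failure described above, added here as an illustration; it is not the JDK's Krb5LoginModule source. The class names, the SHA-256 key derivation and the KDC stand-in are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Illustrative model only (hypothetical names); not the JDK implementation.
public class StaleKeyDemo {
    // Stand-in for the KDC: accepts only the key derived from the right password.
    static final byte[] KDC_KEY = deriveKey("correct-password".toCharArray());

    // Assumed key derivation for the model; real Kerberos string-to-key differs.
    static byte[] deriveKey(char[] password) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(new String(password).getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) { throw new IllegalStateException(e); }
    }

    static class ModelLoginModule {
        private final boolean clearKeysOnCleanup; // false models the reported behaviour
        private byte[] keys;                      // temp info derived from the password

        ModelLoginModule(boolean clearKeysOnCleanup) { this.clearKeysOnCleanup = clearKeysOnCleanup; }

        boolean attempt(char[] password) {
            if (keys == null) {                   // existence alone decides whether to derive
                keys = deriveKey(password);
            }
            boolean ok = MessageDigest.isEqual(keys, KDC_KEY);
            if (!ok) cleanState();
            return ok;
        }

        void cleanState() {
            if (clearKeysOnCleanup && keys != null) {
                Arrays.fill(keys, (byte) 0);      // wipe key material before dropping it
                keys = null;
            }
        }

        // tryFirstPass=true: shared-state password first, then the prompted one.
        boolean login(char[] sharedStatePassword, char[] promptedPassword) {
            return attempt(sharedStatePassword) || attempt(promptedPassword);
        }
    }

    public static void main(String[] args) {
        char[] wrong = "stale-shared-password".toCharArray(); // constructed sample input
        char[] right = "correct-password".toCharArray();
        System.out.println("keys kept after failure:    " + new ModelLoginModule(false).login(wrong, right));
        System.out.println("keys cleared after failure: " + new ModelLoginModule(true).login(wrong, right));
    }
}
```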

            People

              weijun Weijun Wang
              weijun Weijun Wang