JDK-8028351

JWS doesn't get authenticated when using kerberos auth proxy

Details

    • b120
    • generic
    • windows
    • Verified

      Description

        The customer has proved that Kerberos is set up correctly by using IE. IE can
        browse the internet via Kerberos authentication, but JWS cannot.

        From the network capture, they saw AS-REP "KRB5KDC_ERR_PREAUTH_REQUIRED" and
        "KRB5KDC_ERR_PREAUTH_FAILED" when allowtgtsessionkey = 0 for the
        krbtgt/DOMAIN request to the AD server. When allowtgtsessionkey = 1, they got
        TGS-REP "KRB5KRB_AP_ERR_MODIFIED" for HTTP/squidproxy.domain.

        If they disable Kerberos pre-authentication for that user and the user has run
        kinit in JRE/bin before launching the JNLP, JWS can download properly.

        system configuration
        ====================
        Environment - Squid proxy with Kerberos authentication enabled. Squid OS is
        Ubuntu. AD is Windows 2008. Client is Windows 7 x86 with 7u45

        javaws -J-Dsun.security.krb5.debug=true <http://your jnlp>

        And the log can be found in https://mos-cores.us.oracle.com/web/cores/3-8062194441/tds-2013-11-13/javaws5447623760750531854.log

        They use krb5.ini that is available in https://mos-cores.us.oracle.com/web/cores/3-8062194441/tds-2013-11-08/krb5.ini

              People

                weijun Weijun Wang
                mbankal Mala Bankal (Inactive)