Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8031973

JCIFS with Kerberos doesn't work on JDK 7

XMLWordPrintable


      In KerberosAuthExample , after an user authentication, a ticket is retrieved.
      Using this ticket, a SMB folder is accessed and the files listed.
      When using Java 6, this example works perfectly.
      However, when using Java 7, I always receives
      jcifs.smb.SmbAuthException: Access is denied."

      refer to bugdb for reproducer.

      jcifs.smb.SmbAuthException: Access is denied.
      at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:596)
      at jcifs.smb.SmbTransport.send(SmbTransport.java:722)
      at jcifs.smb.Kerb5Authenticator.setup(Kerb5Authenticator.java:214)
      at jcifs.smb.Kerb5Authenticator.access$000(Kerb5Authenticator.java:30)
      at jcifs.smb.Kerb5Authenticator$1.run(Kerb5Authenticator.java:168)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.java:415)
      at jcifs.smb.Kerb5Authenticator.sessionSetup(Kerb5Authenticator.java:166 )
      at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:320)
      at jcifs.smb.SmbSession.send(SmbSession.java:239)
      at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
      at jcifs.smb.SmbFile.doConnect(SmbFile.java:925)
       at jcifs.smb.SmbFile.connect(SmbFile.java:974)
      at jcifs.smb.SmbFile.connect0(SmbFile.java:890)
      at jcifs.smb.SmbFile.getType(SmbFile.java:1302)
      at jcifs.smb.SmbFile.doEnum(SmbFile.java:1753)
      at jcifs.smb.SmbFile.listFiles(SmbFile.java:1735)
      at jcifs.smb.SmbFile.listFiles(SmbFile.java:1668)
      at KerberosAuthExample.main(KerberosAuthExample.java:42)

      As a workaround, KerberosAuthExample works on JDK7 if SMB signing is disabled on the Windows Server (http://support.exinda.com/topic/how-to-disable-smb-signing-on-windows-servers -to-improve-smb-performance).

      Also I found replacing the following classes in JDK 1.7 with the ones from JDK 1.6 make KerberosAuthExample succeed.
      com\sun\security\auth\module\Krb5LoginModule.class
      sun\security\krb5\Credentials$1.class
      sun\security\krb5\Credentials.class
       sun\security\krb5\EncryptedData.class
      sun\security\krb5\EncryptionKey.class
      sun\security\krb5\KrbAsrep.class
      sun\security\krb5\KrbAsReq.class
      sun\security\krb5\KrbKdcReq$1.class
      sun\security\krb5\KrbKdcReq$BpType.class
      sun\security\krb5\KrbKdcReq$KdcAccessibility.class
      sun\security\krb5\KrbKdcReq$KdcCommunication.class
      sun\security\krb5\KrbKdcReq.class
      sun\security\krb5\KrbTgsRep.class
      sun\security\krb5\internal\KerberosTime.class
      sun\security\krb5\internal\KRBError.class

            mbankal Mala Bankal (Inactive)
            asaha Abhijit Saha
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: