- Type: Bug
- Resolution: Not an Issue
- Priority: P3
- None
- Affects Version/s: 7
- Component/s: security-libs
- x86
- windows_xp
FULL PRODUCT VERSION :
java 1.7.0_04-b22
ADDITIONAL OS VERSION INFORMATION :
ver Microsoft windows XP
EXTRA RELEVANT SYSTEM CONFIGURATION :
java running in Windows XP
AD server is Windows Server 2003
A DESCRIPTION OF THE PROBLEM :
When we use java 1.6.0_20-b02, everything is OK.
Then we changed to java 1.7.0_04-b22.
When we executed the API "javax.security.auth.login.LoginContext.login()", an error occurred:
"javax.security.auth.login.LoginException: Cannot locate default realm"
We looked at the rt.jar source code of Java 7 and found that the following position leads to the error:
sun.security.krb5.Config#getDefaultRealm()
----------------
// Thrown when no default realm could be determined
if (str == null) {
    KrbException localKrbException2 = new KrbException("Cannot locate default realm");
    if (localObject != null)
        localKrbException2.initCause(localObject);
    throw localKrbException2;
}
------------------
After changing the content of the configuration file "krb5.conf" as follows, there is no problem any more.
Before changing:
----------------------------
[libdefaults]
kdc_timeout = 3000
max_retries = 1
default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
permitted_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
[realms]
MYLDAP.COM = {
    kdc = icd-umac30.myldap.com:88
}
---------------------------------
After changing:
---------------------------------
[libdefaults]
kdc_timeout = 3000
max_retries = 1
default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
permitted_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
default_realm = something
[realms]
MYLDAP.COM = {
    kdc = icd-umac30.myldap.com:88
}
---------------------------------
Adding "default_realm = something" will be OK, even if there is no realm named "something".
We know the solution to avoid the error, but we think that this kind of situation is not correct.
Why is it set like this in java 1.7.0_04?
This is a bug, isn't it?
REGRESSION. Last worked in version 7
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The action of executing the API "javax.security.auth.login.LoginContext.login()" in 1.7.0_04-b22 and 1.6.0_20-b02 should be the same (execution result is OK).
ACTUAL -
The result of executing the API "javax.security.auth.login.LoginContext.login()" in 1.6.0_20-b02 is OK.
The result of executing the API "javax.security.auth.login.LoginContext.login()" in 1.7.0_04-b22 is that an error occurs: "javax.security.auth.login.LoginException: Cannot locate default realm".
ERROR MESSAGES/STACK TRACES THAT OCCUR :
javax.security.auth.login.LoginException: Cannot locate default realm
REPRODUCIBILITY :
This bug can be reproduced always.
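A check for the two krb5.conf states shown in this report, as an added example in Python (not code from the report or from the JDK): it flags a missing `default_realm`, a `default_realm` with no matching `[realms]` entry such as the `something` placeholder, and the single-DES enctypes in the file. The helper names `parse_krb5_conf` and `lint` are hypothetical, and the sample file is abridged from the report's configuration.

```python
import re

# Constructed sample, abridged from the report's "before" krb5.conf.
BEFORE = """\
[libdefaults]
permitted_enctypes = des3-cbc-sha1 des-cbc-md5 rc4-hmac des-cbc-crc
[realms]
MYLDAP.COM = {
kdc = icd-umac30.myldap.com:88
}
"""
# The report's workaround: a default_realm with no matching [realms] entry.
AFTER = BEFORE.replace("[realms]", "default_realm = something\n[realms]")
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5"}  # deprecated by RFC 6649

def parse_krb5_conf(text):
    """Return ([libdefaults] settings, realm names declared in [realms])."""
    section, depth, libdefaults, realms = None, 0, {}, set()
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if depth == 0 and re.fullmatch(r"\[\w+\]", line):
            section = line[1:-1]
        elif line == "}":
            depth = max(depth - 1, 0)
        elif value == "{":  # "NAME = {" opens a nested block
            if section == "realms" and depth == 0:
                realms.add(key)
            depth += 1
        elif section == "libdefaults" and depth == 0:
            libdefaults[key] = value
    return libdefaults, realms

def lint(text):
    """Return findings about the default realm and single-DES enctypes."""
    libdefaults, realms = parse_krb5_conf(text)
    findings = []
    realm = libdefaults.get("default_realm")
    if realm is None:
        findings.append("default_realm missing from [libdefaults]")
    elif realm not in realms:
        findings.append(f"default_realm '{realm}' is not defined in [realms]")
    for key, value in libdefaults.items():
        weak = sorted(SINGLE_DES & set(re.split(r"[\s,]+", value)))
        if key.endswith("enctypes") and weak:
            findings.append(f"{key} allows single-DES: {' '.join(weak)}")
    return findings
```

`lint(BEFORE)` reports the missing default realm, `lint(AFTER)` reports that `something` is not a declared realm, and setting `default_realm = MYLDAP.COM` clears both realm findings.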