-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
8u161
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
$ java -version
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Windows Server 2012 R2 && Windows 7 both show the behavior when running the Java application.
A DESCRIPTION OF THE PROBLEM :
When using JAAS to authenticate to a local Active Directory Domain, it is successful with a password like "Abc12345" but unsuccessful with the password "Abç12345".
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Have an AD user that has a password with a French character and try the username and password to authenticate using JAAS to that domain.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
User should be able to login no matter what characters are in their password.
ACTUAL -
User is not allowed to authenticate.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Actual error from domain authentication: Pre-authentication information was invalid (24)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Here is a short sample of our code that does this.
final String krb5Config = KERBEROS_LOGIN_CONFIG;
final String userName = adjustUserName(uid.getName() );
KnownCredentialsCallback callback =
new KnownCredentialsCallback(userName, password);
LoginContext lc = null;
try
{
lc = new LoginContext(krb5Config, callback);
lc.login();
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Dont use French characters in your password.
$ java -version
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Windows Server 2012 R2 && Windows 7 both show the behavior when running the Java application.
A DESCRIPTION OF THE PROBLEM :
When using JAAS to authenticate to a local Active Directory Domain, it is successful with a password like "Abc12345" but unsuccessful with the password "Abç12345".
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Have an AD user that has a password with a French character and try the username and password to authenticate using JAAS to that domain.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
User should be able to login no matter what characters are in their password.
ACTUAL -
User is not allowed to authenticate.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Actual error from domain authentication: Pre-authentication information was invalid (24)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Here is a short sample of our code that does this.
final String krb5Config = KERBEROS_LOGIN_CONFIG;
final String userName = adjustUserName(uid.getName() );
KnownCredentialsCallback callback =
new KnownCredentialsCallback(userName, password);
LoginContext lc = null;
try
{
lc = new LoginContext(krb5Config, callback);
lc.login();
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Dont use French characters in your password.
