-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
8, 11, 12
-
x86_64
-
linux
A DESCRIPTION OF THE PROBLEM :
The parsing mechanism in sun/security/krb5/Config.java incorrect assumes only 3 types of lines are possible
1. a = b
2. a = {
3. }
auth_to_local rules in MIT Kerberos (which java follows) are of the format
a = {
value
}
hence auth_to_local rules are impossible to read as a KrbException("Illegal config content") is thrown when encountering "value"
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a krb5.conf with auth_to_local rules like this (straight from MIT Kerberos man page)
[realms]
ATHENA.MIT.EDU = {
auth_to_local = {
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
RULE:[2:$2](^.*;root)s/^.*$/root/
DEFAULT
}
}
try to use "get("realms", "ATHENA.MIT.EDU", "auth_to_local")
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
String of "auth_to_local" value.
ACTUAL -
KrbException("Illegal config content")
The parsing mechanism in sun/security/krb5/Config.java incorrect assumes only 3 types of lines are possible
1. a = b
2. a = {
3. }
auth_to_local rules in MIT Kerberos (which java follows) are of the format
a = {
value
}
hence auth_to_local rules are impossible to read as a KrbException("Illegal config content") is thrown when encountering "value"
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a krb5.conf with auth_to_local rules like this (straight from MIT Kerberos man page)
[realms]
ATHENA.MIT.EDU = {
auth_to_local = {
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
RULE:[2:$2](^.*;root)s/^.*$/root/
DEFAULT
}
}
try to use "get("realms", "ATHENA.MIT.EDU", "auth_to_local")
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
String of "auth_to_local" value.
ACTUAL -
KrbException("Illegal config content")