JDK-8230095

Private Credential inaccessible for Kerberos with the Security Manager enabled


      ADDITIONAL SYSTEM INFORMATION :
      Tested with Java 12 on OSX 10.14.6 Mojave

      With the security manager disabled, or enabled with permission java.security.AllPermission, the KerberosTicket is being retrieved. The error occurs when one attempts to reduce the permissions to the minimal set required.

      A DESCRIPTION OF THE PROBLEM :
      A detailed report of the issue is provided at https://stackoverflow.com/questions/57540932/jaas-kerberos-authentication-keeps-failing-with-the-security-manager-enabled-de

      Despite the proper permission javax.security.auth.PrivateCredentialPermission granted in the policy file, the access to javax.security.auth.kerberos.KerberosTicket is denied.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Steps for reproducing the issue are provided at the link given above.

      In login.conf:

      Krb5LoginContext {
        com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
      };

      In security.policy:

      grant {
          // more policies
          permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket javax.security.auth.kerberos.Principal \"*\"", "read";
      };

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      access: access allowed ("javax.security.auth.AuthPermission" "modifyPrincipals")
      access: access allowed ("javax.security.auth.AuthPermission" "modifyPrivateCredentials")
      access: access allowed ("javax.security.auth.PrivateCredentialPermission" "javax.security.auth.kerberos.KerberosTicket" "read")

      ACTUAL -
      access: access allowed ("javax.security.auth.AuthPermission" "modifyPrincipals")
      access: access allowed ("javax.security.auth.AuthPermission" "modifyPrivateCredentials")
      access: access denied ("javax.security.auth.PrivateCredentialPermission" "javax.security.auth.kerberos.KerberosTicket" "read")


      ---------- BEGIN SOURCE ----------
      See link given above
      ---------- END SOURCE ----------

            weijun Weijun Wang
            webbuggrp Webbug Group