Bug ID: 5100483 Kerberos module cannot authentiate with different KDCs/principal names

5100483 : Kerberos module cannot authentiate with different KDCs/principal names

Details

Type:	Bug	Submit Date:	2004-09-10
Status:	Resolved	Updated Date:	2004-11-09
Project Name:	JDK	Resolved Date:	2004-11-09
Component:	security-libs	OS:	solaris_8
Sub-Component:	java.security	CPU:	other
Priority:	P3
Resolution:	Fixed
Affected Versions:	1.4.2_04
Fixed Versions:	6

Related Reports

Backport:	JDK-2124367 - Kerberos module cannot authentiate with different KDCs/principal names
Backport:	JDK-2123041 - Kerberos module cannot authentiate with different KDCs/principal names

Sub Tasks

Description

Using com.sun.security.auth.module.Krb5LoginModule to do service login, 
it succeeds with the first KDC(whichever) but fails to the 2nd KDC later. 

See comments for details:

###@###.### 2004-11-08 20:29:36 GMT

Comments

EVALUATION


###@###.### 2004-09-13

When the application server authenticatates service #1, is is successful. However, when the application server authenticates service #2, using different
KDC/realm/principal, the Kerberos configuration would need to be refreshed. Hence you would need to configure the Krb5LoginModule to refresh the Kerberos
configuration, using the option "refreshKrb5config=true".

However, even after refreshing the Kerberos configuration, application
server failed to authenitcate service #2. Upon further investigation,
it appears that the KDC and Kerberos realm were all refreshed, however,
the 2nd keytab is not loaded. This is because the keytab class still has
the old entries from the 1st keytab. 

The KeyTab class is designed  to be a singleton. This can be only one 
instance of the Keytab. We need to refresh the keytab instance, when
the Kerberos configuration is refreshed.

 11-08-04 [Seema malkani]
 Have fixed Kerberos Login Module to allow to authenticate
 to services with different KDCs.
 
###@###.### 2004-11-08 20:26:14 GMT
###@###.### 2004-11-08 20:27:28 GMT

2004-11-08

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together