United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: 5102695 REGRESSION: JNDI example with SASL/GSSAPI does not work with J2SE 5.0
5102695 : REGRESSION: JNDI example with SASL/GSSAPI does not work with J2SE 5.0

Details
Type:
Bug
Submit Date:
2004-09-15
Status:
Resolved
Updated Date:
2006-02-04
Project Name:
JDK
Resolved Date:
2006-02-04
Component:
security-libs
OS:
linux_redhat_3.0,windows_2000
Sub-Component:
java.security
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
5.0,5.0u6
Fixed Versions:
6

Related Reports
Backport:
JDK-2133524 - REGRESSION: JNDI example with SASL/GSSAPI does not work with J2SE 5.0
Duplicate:
JDK-5102607 - JNDI example with SASL/GSSAPI does not work with J2SE 5.0
Duplicate:
JDK-6405454 - AuthenticationException using kerberos/LDAP/JAAS on RHLinux

Sub Tasks

Description
Name: jl125535			Date: 09/15/2004


URL OF FAULTY DOCUMENTATION :
http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html

A DESCRIPTION OF THE PROBLEM :
The example works fine with J2SE 1.4, but with J2SE 5.0 the following exception is thrown:


javax.naming.NamingException: [LDAP: error code 80 - GSSAPI: gss_unwrap:  A token had an invalid MIC; Success; ]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3029)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
	at JndiAction.performJndiOperation(GssExample.java:144)
	at JndiAction.run(GssExample.java:105)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:337)
	at GssExample.main(GssExample.java:90)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)



I am using OpenLDAP 2.1.4 .

Release Regression From : 1.4.2
The above release value was the last known release where this 
bug was known to work. Since then there has been a regression.

(Incident Review ID: 310807) 
======================================================================

Comments
EVALUATION

Fixed the signing algorithm in Java GSS when using "des-cbc-crc" as the 
encryption type. JNDI example works correctly now.
2006-01-24 
EVALUATION

NOTE: This bug causes compatibility problem, and also results on interop issue.
**Should be fixed**
2006-01-10 
EVALUATION

This problem is only seen when using "des-cbc-crc" as the encryption type. 

The underlying problem is in Java GSS, with the signing algroithm used, when using "des-cbc-crc" as the encryption type. Plan to fix this shortly.
2006-01-09 
EVALUATION

example worked in 1.4.2, does not work in 1.5.0
###@###.### 2004-09-16
2004-09-16


Hardware and Software, Engineered to Work Together