Java Solaris Communities Sun Store Join SDN My Profile Why Join?
» search tips 
Sun Developer Network
Developers Home > Products & Technologies > Java Technology > Community > Bug Database >
Join SDNWhy Join
 
Bug Database
Bug Detail
Quick Lists
Top 25 Bugs
Top 25 RFE's
Recently Closed Bugs
Printable Page Printable Page


Bug Database
Welcome
 
»  Login
»  Report a Bug
»  FAQs
  Bug Watch List:
» Watch this Bug
 Bug Votes:
 This bug is Closed.You cannot Vote for it.
Bug ID: 6714845
Votes 0
Synopsis Quotes in Kerberos configuration file are included in the values
Category jgss:krb5plugin
Reported Against
Release Fixed 7(b57)
State 10-Fix Delivered, bug
Priority: 4-Low
Related Bugs
Submit Date 16-JUN-2008
Description 
FULL PRODUCT VERSION :
java version "1.6.0_06"
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)


ADDITIONAL OS VERSION INFORMATION :
Linux, OSX

A DESCRIPTION OF THE PROBLEM :
When using a Kerberos config file (via the 'java.security.krb5.conf' system property) that contains values between quotes, the quotes are part of the values.

For example:

[libdefaults]
	default_realm = "THE.REALM"
	...

If the realm is between double-quotes, Krb5LoginModule will look for name@"THE.REALM" instead of   xxxxx@xxxxx  , and thus fail.

Some tools, including the "Kerberos Ticket Viewer" in OSX generate such configuration files, with quotes (it's called /Library/Preferences/edu.mit.Kerberos on OSX, equivalent to /etc/krb5.conf on many Linux distributions). Admittedly, Java on OSX isn't necessarily Sun's problem, but tolerance to quotes in the MIT Kerberos configuration file would be  customer , regardless of the OS. The problem occurs with the Sun implementation on Linux (and with Apple Java SDK on OSX) when the configuration file uses values between quotes. Other tools such as MIT kinit (on Linux or OSX) seem unaffected by quotes.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Use any example code from the tutorials that use a Kerberos configuration file, using the 'java.security.krb5.conf' system property.

The login configuration file should contain something that looks like this (perhaps with minor variations):

com.sun.security.jgss.krb5.accept {
  com.sun.security.auth.module.Krb5LoginModule required
    debug=true
    doNotPrompt=true
    useKeyTab=true
    keyTab=file.keytab
    storeKey=true
    principal="name";
};

Try to change your configuration file to include double-quotes, and perhaps activate the debugging options (-Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true).

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The principal   xxxxx@xxxxx   should be loaded. Other tools such as MIT kinit (on Linux or OSX) seem unaffected by quotes.
ACTUAL -
The principal configured in the login file cannot be found.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Key for the principal name@"THE.REALM" not available in file.keytab

("THE.REALM", "name" and "file.keytab" should be replaced with the actual names used for testing)

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Removing the quotes in the configuration file makes it work.
Posted Date : 2008-06-16 09:50:59.0
Work Around 
N/A
Evaluation 
Fixed, removing quotations from values.

Note that this is only a simple fix, no escape character support, since that should not appear in a normal krb5.conf file.
Posted Date : 2009-04-09 07:44:03.0

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8d37331265ae
Posted Date : 2009-04-09 07:44:03.0
Comments
  
  Include a link with my name & email   


PLEASE NOTE: JDK6 is formerly known as Project Mustang





About Sun  |  About This Site  |  Newsletters  |  Contact Us  |  Employment
How to Buy  |  Licensing  |  Terms of Use  |  Privacy  |  Trademarks
 

 
© 2010, Oracle Corporation and/or its affiliates
A Sun Developer Network Site

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.
 
XML Content Feeds