Re: BUG Report : 'krb5.ini' not found on Windows.
On 05/18/2011 02:43 AM, Jeffrey Altman wrote: > Application specific configuration files do not belong in \WINDOWS. > The correct place for krb5.ini is \ProgramData\Kerberos\krb5.ini which > requires that the environment variable KRB5_CONFIG be set to refer to > that file. > > I do not know whether or not Java will pay attention to the environment > variable. We are not reading this environment variable, will consider adding it. So, the logic will be 1. If java system property java.security.krb5.conf set, use it 2. If KRB5_CONFIG set, use it 3. If $JRE/lib/security/krb5.conf exists, use it 4. If Windows: a) If there is krb5.ini in GetWindowsDirectory, use it b) If there is krb5.ini in GetSystemWindowsDirectory, use it c) Use USERDNSDOMAIN and LOGONSERVER environment variables 5. If *nix: a) If Solaris, try /etc/krb5/krb5.conf b) Otherwise, try /etc/krb5.conf c) Use DNS Thanks Weijun > > Jeffrey Altman > > > On 5/17/2011 6:53 AM, Onkesh Bansal wrote: >> Hello, >> >> >> >> Configuration>> >> > Windows 2008 R2 (Service Pack 1) workstation. >> >> >> >> I am having this problem on my machine and am not able to figure out >> what is the root cause. >> >> The scenario seems with Terminal Services installed on the system and >> when the authentication has to be done via the LDAP over the local >> network. >> >> >> This BUG has been logged with ORACLE-JAVA at >> http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already >> provided with a work around. >> >> My Query is: >> >> 1. What is the reason behind this bug. I need to know the root >> cause for this. >> >> 2. What should be my steps (apart from the workaround provided >> with the bug resolution) so as to prevent any future re-occurrences? >> ie I need a fix. >> >> 3. Can it be related to the version changes of Kerberos or is it >> because of Windows 2008? >> >> >> >> Thanks& Regards, >> >> Onkesh Bansal >> >> Engineer-1 QA, >> >> Quark Media House (P) Ltd. >> >> oban...@quark.com >> >> >> Kerberos mailing list Kerberos@mit.edu >> https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: BUG Report : 'krb5.ini' not found on Windows.
On 5/17/2011 5:53 AM, Onkesh Bansal wrote: > Hello, > > > > Configuration>> > Windows 2008 R2 (Service Pack 1) workstation. > > > > I am having this problem on my machine and am not able to figure out > what is the root cause. > > The scenario seems with Terminal Services installed on the system and > when the authentication has to be done via the LDAP over the local > network. > > > This BUG has been logged with ORACLE-JAVA at > http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already > provided with a work around. > > My Query is: > > 1. What is the reason behind this bug. I need to know the root > cause for this. This is not a Kerberos issue, but a Java issue of how Java finds a krb5.conf or krb5.ini on the running system. See: http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html As it says, "If the system property java.security.krb5.conf is set, its value is assumed to specify the path and file name." So you can add to the comamnd like -Djava.security.krb5.conf=/path.to/krb5.conf It says it then looks in in \lib\security so put it there. After that it gets a little mushy. > > 2. What should be my steps (apart from the workaround provided > with the bug resolution) so as to prevent any future re-occurrences? > ie I need a fix. They gave you a fix. > > 3. Can it be related to the version changes of Kerberos or is it > because of Windows 2008? Yes and no. Oracle/Java need to address this issue on every system they run under, including 2008 with terminal server. Note: Windows itself does not use a krb5.ini or krb5.conf, so the location is based on where Oracle/java or some other Kerberos application expect it to be. > > > > Thanks& Regards, > > Onkesh Bansal > > Engineer-1 QA, > > Quark Media House (P) Ltd. > > oban...@quark.com > > > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: BUG Report : 'krb5.ini' not found on Windows.
Application specific configuration files do not belong in \WINDOWS. The correct place for krb5.ini is \ProgramData\Kerberos\krb5.ini which requires that the environment variable KRB5_CONFIG be set to refer to that file. I do not know whether or not Java will pay attention to the environment variable. Jeffrey Altman On 5/17/2011 6:53 AM, Onkesh Bansal wrote: > Hello, > > > > Configuration>> > Windows 2008 R2 (Service Pack 1) workstation. > > > > I am having this problem on my machine and am not able to figure out > what is the root cause. > > The scenario seems with Terminal Services installed on the system and > when the authentication has to be done via the LDAP over the local > network. > > > This BUG has been logged with ORACLE-JAVA at > http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already > provided with a work around. > > My Query is: > > 1. What is the reason behind this bug. I need to know the root > cause for this. > > 2. What should be my steps (apart from the workaround provided > with the bug resolution) so as to prevent any future re-occurrences? > ie I need a fix. > > 3. Can it be related to the version changes of Kerberos or is it > because of Windows 2008? > > > > Thanks & Regards, > > Onkesh Bansal > > Engineer-1 QA, > > Quark Media House (P) Ltd. > > oban...@quark.com > > > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos signature.asc Description: OpenPGP digital signature Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
BUG Report : 'krb5.ini' not found on Windows.
Hello, Configuration>> >>>Windows 2008 R2 (Service Pack 1) workstation. I am having this problem on my machine and am not able to figure out what is the root cause. The scenario seems with Terminal Services installed on the system and when the authentication has to be done via the LDAP over the local network. This BUG has been logged with ORACLE-JAVA at http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already provided with a work around. My Query is: 1. What is the reason behind this bug. I need to know the root cause for this. 2. What should be my steps (apart from the workaround provided with the bug resolution) so as to prevent any future re-occurrences? ie I need a fix. 3. Can it be related to the version changes of Kerberos or is it because of Windows 2008? Thanks & Regards, Onkesh Bansal Engineer-1 QA, Quark Media House (P) Ltd. oban...@quark.com Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos