Hi Christos
You mean the exception thrown in NativeGSSFactory.java lines 52-60?
Vector<GSSCredElement> creds = GSSUtil.searchSubject
(name, mech, initiate, GSSCredElement.class);
// If Subject is present but no native creds available
if (creds != null && creds.isEmpty()) {
if (GSSUtil.useSubjectCredsOnly(caller)) {
throw new GSSException(GSSException.NO_CRED);
}
}
Why would you leave GSSUtil.useSubjectCredsOnly to be true? IMHO, there
is no need to call JGSS through JAAS when you are using a native provider.
Thanks
Max
On 10/19/2012 05:26 AM, Sean Mullan wrote:
(Forwarding to security-dev as this should be discussed in that group, not
core-libs).
On 10/18/12 5:02 PM, chris...@zoulas.com wrote:
Hello,
This simple fix allows kerberos authentication to work with:
-Dsun.security.jgss.native=true
and microsoft's sqljdbc 4.0.2206.100 driver.
Enjoy,
christos
--- a/java/src/sun/security/jgss/GSSUtil.java Mon Oct 15 17:43:08 2012 -0400
+++ b/java/src/sun/security/jgss/GSSUtil.java Mon Oct 15 17:44:28 2012 -0400
@@ -333,10 +333,19 @@
Subject accSubj = Subject.getSubject(acc);
Vector<GSSCredentialSpi> result = null;
if (accSubj != null) {
- result = new Vector<GSSCredentialSpi>();
Iterator<GSSCredentialImpl> iterator =
accSubj.getPrivateCredentials
(GSSCredentialImpl.class).iterator();
+ // GSSCredentialImpl is only implemented in
+ // the non-native kerberos implementation,
+ // so if we don't get any elements here
+ // assume native and return null so that
+ // searchSubject does not fail. A better
+ // fix is to implement the code that handles
+ // this in native java.
+ if (!iterator.hasNext())
+ return null;
+ result = new Vector<GSSCredentialSpi>();
while (iterator.hasNext()) {
GSSCredentialImpl cred = iterator.next();
debug("...Found cred" + cred);