You are still using JAAS? There is no need to call Krb5LoginModule or
read the credentials cache yourself if you are using native Kerberos. Just
call the JGSS APIs directly.
Thanks
Weijun
On 10/19/2012 11:17 PM, chris...@zoulas.com wrote:
On Oct 19, 8:50am, chris...@zoulas.com (Christos Zoulas) wrote:
-- Subject: Re: bug fix for native kerberos libraries
Hi Weijun,
I verified that setting -Djavax.security.auth.useSubjectCredsOnly=false
fixes this issue, but then unless I brought in my other patch from jdk6,
I get:
javax.security.auth.login.LoginException: Unable to obtain Princpal Name
for authentication
Someone should fix the typo in the exception string, but also why do I need
this?
Thanks,
christos
---
bsd-port/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
2011-07-17 20:36:08.000000000 -0400
+++ ./Krb5LoginModule.java 2012-10-19 10:51:02.027729713 -0400
@@ -624,6 +624,29 @@
// ticketCacheName == null implies the default cache
if (debug)
System.out.println("Acquire TGT from Cache");
+ if (ticketCacheName == null) {
+ /*
+ * http://docs.oracle.com/cd/E19082-01/819-2252/\
+ * 6n4i8rtr3/index.html
+ */
+ String krb5CCName = System.getenv("KRB5CCNAME");
+ if (krb5CCName != null) {
+ final String filePrefix = "FILE:";
+ final String memoryPrefix = "MEMORY:";
+ if (krb5CCName.startsWith(filePrefix))
+ ticketCacheName = krb5CCName.substring(
+ filePrefix.length());
+ else if (krb5CCName.startsWith(memoryPrefix))
+ ticketCacheName = krb5CCName.substring(
+ memoryPrefix.length());
+ else
+ ticketCacheName = krb5CCName;
+ if (debug)
+ System.out.println("Located ticket cache "
+ + ticketCacheName
+ + " through environment variable KRB5CCNAME.");
+ }
+ }
cred = Credentials.acquireTGTFromCache
(principal, ticketCacheName);
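Review bot: the `else if (krb5CCName.startsWith(memoryPrefix))` branch strips "MEMORY:" and passes the remainder to Credentials.acquireTGTFromCache as ticketCacheName, exactly as it does for a "FILE:" path, although a memory cache name is not a path on disk. The final `else` has a related problem: any other typed value is passed through with its prefix still attached. Suggest setting ticketCacheName only for "FILE:" and unprefixed values, and otherwise leaving it null (the default cache, per the existing comment) with a debug line that names the unsupported type. Smaller points: the nested if/else chain would be easier to audit with braces, and the URL in the comment, split with a backslash, cannot be followed as written.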