United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6483218 : Provide a default login configuration

Details
Type:
Bug
Submit Date:
2006-10-18
Status:
Closed
Updated Date:
2011-05-26
Project Name:
JDK
Resolved Date:
2011-03-07
Component:
security-libs
OS:
generic
Sub-Component:
org.ietf.jgss
CPU:
generic
Priority:
P4
Resolution:
Fixed
Affected Versions:
6
Fixed Versions:

Related Reports

Sub Tasks

Description
Provide a default login configuration when using Java GSS without JAAS.

Currently Java GSS without JAAS requires a JAAS configuration file with default
entries "com.sun.security.jgss.initiate" and "com.sun.security.jgss.accept".
This works fine, however, user always needs to provide a jaas.conf file.

Java GSS always relies on the existence of JAAS configuration file.
If the jaas.conf file is not provided, Java GSS should be able
to use a built-in default JAAS configuration, with default options to use.

Desired default JAAS Krb5LoginModule options:

Client-side:
   - useTicketCache=true
   - doNotPrompt=false

Server-side:
   - useKeyTab=true
   - storeKey=true
   - doNotPrompt=true
   - isInitiator=false

                                    

Comments
EVALUATION

What we need to provide is not a default *Configuration*, but a default *AppConfigurationEntry[]* for the JGSS named entries.

The reason is that users may still have JAAS configuration files as ~/java.login.config etc etc for their JAAS programs. However, when they write JGSS programs, they may not realize that entries like com.sun.security.jgss.krb5.* are needed *inside* the file, I believe this is the case we want to give them a default setting.

So, I'd like to --

1. In Configuration.getConfiguration
   a. Throw Exception if bad file syntax, or files specified by don't exist (for java.security.auth.login.config and/or login.config.url.n)
   b. return empty if not specified at all 
   c. return something if there's such a valid file (may still be empty ;) )

2. In LoginConfigImpl.java
   1) find the entry and return the content
   2) if entry not found, return default
                                     
2006-11-21



Hardware and Software, Engineered to Work Together