JDK-6572805 : regression: krb5 log in failed

Details
Type: Bug
Submit Date: 2007-06-22
Status: Resolved
Updated Date: 2011-02-16
Project Name: JDK
Resolved Date: 2007-08-01
Component: security-libs
OS: generic,solaris_10
Sub-Component: java.security
CPU: sparc,generic
Priority: P3
Resolution: Fixed
Affected Versions: 1.4.2,1.4.2_14
Fixed Versions: 1.4.2_18 (b05)

Description
FULL PRODUCT VERSION :
java version "1.4.2_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_14-b05)
Java HotSpot(TM) Client VM (build 1.4.2_14-b05, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
SunOS webapp-test3.Stanford.EDU 5.8 Generic_117350-43 sun4u sparc SUNW,UltraAX-i2

EXTRA RELEVANT SYSTEM CONFIGURATION :
Kerberos 5 login to OpenLDAP

A DESCRIPTION OF THE PROBLEM :
We use Kerberos 5 to log into OpenLDAP. jdk1.4.2_13 works. When we updated the JDK to 1.4.2_14, the login failed.
JDK1.6, JDK1.5, and j2sdk1.4.2_13 work fine. The problem version is J2sdk1.4.2_14.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
edu.stanford.newdirectory.JNDIDirectoryImpl - authentication attempt failedjavax.security.auth.login.LoginException: java.lang.NullPointerException
        at java.lang.StringBuffer.append(StringBuffer.java:467)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Attached separately
---------- END SOURCE ----------

                                    

Comments
EVALUATION

Fixed via 1.4.2_17-rev-b10
                                     
2008-04-03
SUGGESTED FIX

http://jpsesvr.sfbay.sun.com:8080/ctetools/html/ViewDetail.jsp?index=2223
                                     
2007-07-17
WORK AROUND

We do have a workaround for the customer in JDK 1.4.2_15. 

Please ask the customer to download JDK 1.4.2_15, and set option 
"isInitiator=false" in the JAAS Kerberos configuration file 
at the acceptor end.

com.sun.security.jgss.accept {
  com.sun.security.auth.module.Krb5LoginModule required 
  principal="..."
  useKeyTab=true
  keyTab="..."
  isInitiator=false;
};
                                     
2007-06-26
EVALUATION

Just take a look at this, Krb5LoginModule.java:

576        cred = Credentials.acquireTGT(principal, encKey,
577            new StringBuffer().append(password));

So here the user gets a key from the keytab file without providing a password, and then new StringBuffer().append(password) throws an NPE.

This bug is 1.4.2_updates only. See comments.
                                     
2007-06-25
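
The failure described in the evaluation above, reproduced as an added example (not code from the JDK or from this report): `StringBuffer.append(char[])` throws on a null array, which is what a keytab login with no password passes in. The class and method names and the sample values are hypothetical, and the null guard is one possible shape of a fix under the assumption that the callee accepts a null password; it is not the change shipped by Sun.

```java
import java.util.Arrays;

public class KeytabNullPasswordDemo {

    // Mirrors the pattern quoted from Krb5LoginModule.java lines 576-577:
    // the password is wrapped unconditionally, even when the key came from a keytab.
    static StringBuffer wrapUnchecked(char[] password) {
        return new StringBuffer().append(password); // throws when password == null
    }

    // Hypothetical guard (assumption): wrap only when a password was actually supplied.
    static StringBuffer wrapChecked(char[] password) {
        return password == null ? null : new StringBuffer().append(password);
    }

    public static void main(String[] args) {
        // Constructed inputs: a keytab login carries no password, a prompt login does.
        char[] keytabLogin = null;
        char[] passwordLogin = "example-only".toCharArray();

        // append(String) and append(Object) turn a null reference into the text "null";
        // append(char[]) reads the array's length and throws instead.
        System.out.println("append((String) null) -> " + new StringBuffer().append((String) null));

        try {
            wrapUnchecked(keytabLogin);
            System.out.println("unchecked wrap, keytab login: no exception");
        } catch (NullPointerException e) {
            System.out.println("unchecked wrap, keytab login: NullPointerException");
        }

        System.out.println("checked wrap, keytab login: " + wrapChecked(keytabLogin));
        System.out.println("checked wrap, password login, length: "
                + wrapChecked(passwordLogin).length());

        // Clear the sample secret once it is no longer needed.
        Arrays.fill(passwordLogin, '\0');
    }
}
```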


