United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6857795 krb5.conf ignored if system properties on realm and kdc are provided
JDK-6857795 : krb5.conf ignored if system properties on realm and kdc are provided

Details
Type:
Bug
Submit Date:
2009-07-07
Status:
Resolved
Updated Date:
2012-11-07
Project Name:
JDK
Resolved Date:
2009-07-17
Component:
security-libs
OS:
generic,solaris_10,windows_xp
Sub-Component:
org.ietf.jgss:krb5
CPU:
x86,sparc,generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
5.0u10,5.0u15,7
Fixed Versions:

Related Reports
Backport:
Backport:
Backport:
Backport:
Relates:

Sub Tasks

Description
According to the doc [1]:

    ...you can instead specify these values by setting the
    following system properties to indicate the realm
    and KDC, respectively:

        java.security.krb5.realm
        java.security.krb5.kdc

    If you set values for these properties, then they override
    the default realm and KDC values specified in krb5.conf (if
    such a file is found). The krb5.conf file is still consulted
                                              ******************
    if values for items other than the default realm and KDC
    are needed.

However, in code of sun.security.krb5.Config [2]:

122         String kdchost =
123             java.security.AccessController.doPrivileged(
124                 new sun.security.action.GetPropertyAction
125                     ("java.security.krb5.kdc"));

                ....

137         if (kdchost != null) {

                .... using system properties as settings ....
                .... and do NOT read config file anymore ....

151         } else {
152             // Read the Kerberos configuration file
153             try {
154                 Vector<String> configFile;
155                 configFile = loadConfigFile();
156                 stanzaTable = parseStanzaTable(configFile);
157             } catch (IOException ioe) {
158                 // No krb5.conf, no problem. We'll use DNS etc.
159             }
160         }

[1]
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/KerberosReq.html
[2]
http://hg.openjdk.java.net/jdk7/tl/jdk/file/ff32c270102a/src/share/classes/sun/security/krb5/Config.java
A customer in japan using Sun OpenSSO Enterprise 8.0 deployed on webserver 7 running on JDK1.5.0_15

The JDK does not read the properties in the file : /etc/krb5/krb5.conf.

For details, please refer to http://mailfinder3.sfbay.sun.com/thread/4546861

                                    

Comments
EVALUATION

Already read krb5.conf, and update the info using system properties.
                                     
2009-07-08
EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1df67a3ecce8
                                     
2009-07-08



Hardware and Software, Engineered to Work Together