JDK-6857795 : krb5.conf ignored if system properties on realm and kdc are provided
- Type: Bug
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 5.0u10,5.0u15,7
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: generic,solaris_10,windows_xp
- CPU: generic,x86,sparc
- Submitted: 2009-07-07
- Updated: 2015-03-17
- Resolved: 2009-07-17
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| Other | Other | JDK 6 | JDK 7 |
|---|---|---|---|
| 5.0u22-revFixed | 5.0u23Fixed | 6u17-revFixed | 7 b66Fixed  |
Related Reports
|
Relates :
|
|
|
Relates :
|
Description
According to the doc [1]:
...you can instead specify these values by setting the
following system properties to indicate the realm
and KDC, respectively:
java.security.krb5.realm
java.security.krb5.kdc
If you set values for these properties, then they override
the default realm and KDC values specified in krb5.conf (if
such a file is found). The krb5.conf file is still consulted
******************
if values for items other than the default realm and KDC
are needed.
However, in code of sun.security.krb5.Config [2]:
122 String kdchost =
123 java.security.AccessController.doPrivileged(
124 new sun.security.action.GetPropertyAction
125 ("java.security.krb5.kdc"));
....
137 if (kdchost != null) {
.... using system properties as settings ....
.... and do NOT read config file anymore ....
151 } else {
152 // Read the Kerberos configuration file
153 try {
154 Vector<String> configFile;
155 configFile = loadConfigFile();
156 stanzaTable = parseStanzaTable(configFile);
157 } catch (IOException ioe) {
158 // No krb5.conf, no problem. We'll use DNS etc.
159 }
160 }
[1]
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/KerberosReq.html
[2]
http://hg.openjdk.java.net/jdk7/tl/jdk/file/ff32c270102a/src/share/classes/sun/security/krb5/Config.java
A customer in japan using Sun OpenSSO Enterprise 8.0 deployed on webserver 7 running on JDK1.5.0_15
The JDK does not read the properties in the file : /etc/krb5/krb5.conf.
For details, please refer to http://mailfinder3.sfbay.sun.com/thread/4546861
Comments
|