JDK-7112944 : Cross Realm Kerberos Auth Fails
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 6u29
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux_redhat_4.0
  • CPU: x86
  • Submitted: 2011-11-17
  • Updated: 2012-09-06
  • Resolved: 2011-11-23
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
any version of Java 6

ADDITIONAL OS VERSION INFORMATION :
Linux water.cnf.cornell.edu 2.6.9-101.ELsmp #1 SMP Fri May 27 18:57:30 EDT 2011 i686 athlon i386 GNU/Linux
SunOS title 5.10 Generic_144500-19 sun4u sparc SUNW,UltraAX-i2
Windows XP/7
Mac OS X (all current versions)

A DESCRIPTION OF THE PROBLEM :
This bug was originally reported in bug number 7061379 but was only fixed in Java 7 and Java 8. Not in Java 6. The fix needs to be applied in Java 6 as well since:

1. java 6 is still actively maintained
2. many folk still have java 6 installed on their systems
3. many actively supported OSes including RHEL4, Solaris 10 (prior to update 9), and Mac OS X do not yet have Java 7 available or cannot run java 7 due to newer glibc requirements.

I have verified the bug fix in the preview release of Java 7u2. So, the fix just needs to be applied to the next release of Java 6.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Attempt cross realm Kerberos AuthN with gssapi as detailed in bug 7061379

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Cross realm authN works with java 6
ACTUAL -
Cross realm authN does not work with java 6

REPRODUCIBILITY :
This bug can be reproduced always.