JDK-6483218 : Provide a default login configuration
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2006-10-18
  • Updated: 2011-05-26
  • Resolved: 2011-03-07
JDK 7: 7 b05 (Fixed)
Description
Provide a default login configuration when using Java GSS without JAAS.

Currently Java GSS without JAAS requires a JAAS configuration file with default
entries "com.sun.security.jgss.initiate" and "com.sun.security.jgss.accept".
This works fine; however, the user always needs to provide a jaas.conf file.

Java GSS always relies on the existence of a JAAS configuration file.
If the jaas.conf file is not provided, Java GSS should be able
to use a built-in default JAAS configuration, with default options to use.

Desired default JAAS Krb5LoginModule options:

Client-side:
   - useTicketCache=true
   - doNotPrompt=false

Server-side:
   - useKeyTab=true
   - storeKey=true
   - doNotPrompt=true
   - isInitiator=false

Comments
EVALUATION

What we need to provide is not a default *Configuration*, but a default *AppConfigurationEntry[]* for the JGSS named entries. The reason is that users may still have JAAS configuration files as ~/java.login.config etc etc for their JAAS programs. However, when they write JGSS programs, they may not realize that entries like com.sun.security.jgss.krb5.* are needed *inside* the file, I believe this is the case we want to give them a default setting.

So, I'd like to --

1. In Configuration.getConfiguration
   a. Throw Exception if bad file syntax, or files specified by don't exist (for java.security.auth.login.config and/or login.config.url.n)
   b. return empty if not specified at all
   c. return something if there's such a valid file (may still be empty ;) )

2. In LoginConfigImpl.java
   1) find the entry and return the content
   2) if entry not found, return default
21-11-2006
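
The lookup-then-default behaviour from step 2 of the evaluation, as an added example that is not the JDK's LoginConfigImpl or code from this report. The class name JgssFallbackConfiguration, the delegate parameter and the REQUIRED control flag are assumptions; the entry names and option values are the ones listed in the description.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

// Hypothetical wrapper, not the JDK's LoginConfigImpl.
public class JgssFallbackConfiguration extends Configuration {
    private static final String KRB5 = "com.sun.security.auth.module.Krb5LoginModule";
    private final Configuration delegate; // null when no JAAS config is available

    public JgssFallbackConfiguration(Configuration delegate) {
        this.delegate = delegate;
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        // 1) find the entry and return the content
        if (delegate != null) {
            AppConfigurationEntry[] found = delegate.getAppConfigurationEntry(name);
            if (found != null && found.length > 0) {
                return found; // an explicit entry always wins over the default
            }
        }
        // 2) entry not found: build the defaults listed in the description
        Map<String, String> opts = new HashMap<>();
        if ("com.sun.security.jgss.initiate".equals(name)) {
            opts.put("useTicketCache", "true");
            opts.put("doNotPrompt", "false");
        } else if ("com.sun.security.jgss.accept".equals(name)) {
            opts.put("useKeyTab", "true");
            opts.put("storeKey", "true");
            opts.put("doNotPrompt", "true");
            opts.put("isInitiator", "false");
        } else {
            return null; // no default for entry names outside JGSS
        }
        // REQUIRED is an assumption; the report does not name a control flag
        return new AppConfigurationEntry[] {
            new AppConfigurationEntry(KRB5, LoginModuleControlFlag.REQUIRED, opts) };
    }

    public static void main(String[] args) {
        Configuration cfg = new JgssFallbackConfiguration(null); // no jaas.conf at all
        for (String n : new String[] {"com.sun.security.jgss.initiate", "com.sun.security.jgss.accept"}) {
            System.out.println(n + " -> " + cfg.getAppConfigurationEntry(n)[0].getOptions());
        }
    }
}
```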