JDK-6572805 : regression: krb5 log in failed
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 1.4.2,1.4.2_14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,solaris_10
  • CPU: generic,sparc
  • Submitted: 2007-06-22
  • Updated: 2011-02-16
  • Resolved: 2007-08-01
Other: 1.4.2_18 b05 (Fixed)
Description
FULL PRODUCT VERSION :
java version "1.4.2_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_14-b05)
Java HotSpot(TM) Client VM (build 1.4.2_14-b05, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
SunOS webapp-test3.Stanford.EDU 5.8 Generic_117350-43 sun4u sparc SUNW,UltraAX-i2

EXTRA RELEVANT SYSTEM CONFIGURATION :
Kerberos 5 login to OpenLDAP

A DESCRIPTION OF THE PROBLEM :
We use Kerberos 5 to log into OpenLDAP. jdk1.4.2_13 works. When we updated the JDK to 1.4.2_14, the login failed.
JDK1.6, JDK1.5, and j2sdk1.4.2_13 work fine. The problem version is J2sdk1.4.2_14. 

ERROR MESSAGES/STACK TRACES THAT OCCUR :
edu.stanford.newdirectory.JNDIDirectoryImpl - authentication attempt failedjavax.security.auth.login.LoginException: java.lang.NullPointerException
        at java.lang.StringBuffer.append(StringBuffer.java:467)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Attached separately
---------- END SOURCE ----------

Comments
EVALUATION Fixed via 1.4.2_17-rev-b10
2008-04-03

SUGGESTED FIX http://jpsesvr.sfbay.sun.com:8080/ctetools/html/ViewDetail.jsp?index=2223
2007-07-17

WORK AROUND We do have a workaround for the customer in JDK 1.4.2_15. Please ask the customer to download JDK 1.4.2_15, and set option "isInitiator=false" in the JAAS Kerberos configuration file at the acceptor end.
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
        principal="..."
        useKeyTab=true
        keyTab="..."
        isInitiator=false;
};
2007-06-26

EVALUATION Just take a look at this, Krb5LoginModule.java:
576         cred = Credentials.acquireTGT(principal, encKey,
577                 new StringBuffer().append(password));
So here the user gets a key from the keytab file without providing a password, and then new StringBuffer().append(password) throws an NPE. This bug is 1.4.2_updates only. See comments.
2007-06-25
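
The failure mode described in the evaluation, as an added example (not JDK source and not the shipped fix): a null char[] password wrapped with StringBuffer.append(char[]) throws, while a null-aware wrapper lets the keytab path proceed. acquireKey(), loginUnchecked(), loginChecked() and the principals are hypothetical names and constructed values.

```java
public class KeytabNullPassword {

    // Hypothetical stand-in for Credentials.acquireTGT(principal, encKey, password):
    // it only distinguishes a keytab login from a password login.
    static String acquireKey(String principal, byte[] encKey, StringBuffer password) {
        return principal + (password == null ? " [keytab key]" : " [password-derived key]");
    }

    // Shape of the failing call: the password is wrapped unconditionally.
    // append(char[]) reads the array's length, so a null array throws
    // NullPointerException before acquireKey() is ever reached.
    static String loginUnchecked(String principal, byte[] encKey, char[] password) {
        return acquireKey(principal, encKey, new StringBuffer().append(password));
    }

    // Null-aware variant (an assumption about one reasonable guard):
    // wrap the password only when one was actually collected.
    static String loginChecked(String principal, byte[] encKey, char[] password) {
        StringBuffer pw = (password == null) ? null : new StringBuffer().append(password);
        try {
            return acquireKey(principal, encKey, pw);
        } finally {
            if (pw != null) {
                // Overwrite the temporary copy of the secret once it has been used.
                for (int i = 0; i < pw.length(); i++) {
                    pw.setCharAt(i, '\0');
                }
            }
        }
    }

    public static void main(String[] args) {
        byte[] keytabKey = new byte[16]; // constructed sample key material
        char[] noPassword = null;        // useKeyTab=true: no password was prompted for

        try {
            loginUnchecked("host/acceptor@EXAMPLE.ORG", keytabKey, noPassword);
        } catch (NullPointerException e) {
            System.out.println("unchecked keytab login: " + e);
        }
        System.out.println("checked keytab login:   "
                + loginChecked("host/acceptor@EXAMPLE.ORG", keytabKey, noPassword));
        System.out.println("checked password login: "
                + loginChecked("alice@EXAMPLE.ORG", null, "constructed-pw".toCharArray()));
        // The String overload does not throw on null; it appends the text "null",
        // which is why the char[] overload is the one that surfaces this bug.
        System.out.println("String overload: " + new StringBuffer().append((String) null));
    }
}
```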