JDK-8190690 : Impact on krb5 test cases in the 8u nightly
  • Type: Bug
  • Component: security-libs
  • Affected Version: 8
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-11-03
  • Updated: 2021-04-07
  • Resolved: 2017-11-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 Other
8u172 b01Fixed openjdk7uFixed
Related Reports
Cloners :  
JDK-8194486 - Several krb5 tests failed in Mac.
Duplicate :  
JDK-8264815 - Several krb5 tests failed in Mac.
Duplicate :  
JDK-8264815 - Several krb5 tests failed in Mac.
Relates :  
JDK-8220641 - [TESTBUG] New test KdcPolicy.java introduced by JDK-8164656 needs same change as JDK-8190690
Description
Test Suite : java/net
Test case : 
sun/security/krb5/auto/AcceptPermissions.java	
sun/security/krb5/auto/AcceptorSubKey.java	
sun/security/krb5/auto/AddressesAndNameType.java
sun/security/krb5/auto/BadKdc1.java	
sun/security/krb5/auto/BadKdc2.java	
sun/security/krb5/auto/BadKdc3.java	
sun/security/krb5/auto/BadKdc4.java	
sun/security/krb5/auto/Basic.java	
sun/security/krb5/auto/BasicKrb5Test.java	
sun/security/krb5/auto/BasicProc.java	
sun/security/krb5/auto/CleanState.java	
sun/security/krb5/auto/CrossRealm.java	
sun/security/krb5/auto/DiffNameSameKey.java	
sun/security/krb5/auto/DupEtypes.java	
sun/security/krb5/auto/DynamicKeytab.java	
sun/security/krb5/auto/EmptyPassword.java	
sun/security/krb5/auto/FileKeyTab.java	
sun/security/krb5/auto/ForwardableCheck.java	
sun/security/krb5/auto/GSS.java	
sun/security/krb5/auto/GSSUnbound.java	
sun/security/krb5/auto/HttpNegotiateServer.java
sun/security/krb5/auto/IgnoreChannelBinding.java
sun/security/krb5/auto/KPEquals.java	
sun/security/krb5/auto/KeyPermissions.java	
sun/security/krb5/auto/KeyTabCompat.java	
sun/security/krb5/auto/KvnoNA.java	
sun/security/krb5/auto/LifeTimeInSeconds.java	
sun/security/krb5/auto/LoginModuleOptions.java	
sun/security/krb5/auto/MSOID2.java	
sun/security/krb5/auto/MaxRetries.java	
sun/security/krb5/auto/MoreKvno.java	
sun/security/krb5/auto/NewSalt.java	
sun/security/krb5/auto/NoAddresses.java	
sun/security/krb5/auto/NoInitNoKeytab.java	
sun/security/krb5/auto/NonMutualSpnego.java	
sun/security/krb5/auto/NoneReplayCacheTest.java
sun/security/krb5/auto/OkAsDelegate.java	
sun/security/krb5/auto/OkAsDelegateXRealm.java	
sun/security/krb5/auto/PrincipalNameEquals.java
sun/security/krb5/auto/RRC.java	
sun/security/krb5/auto/ReplayCacheTest.java	
sun/security/krb5/auto/S4U2proxy.java	
sun/security/krb5/auto/S4U2proxyGSS.java	
sun/security/krb5/auto/S4U2self.java	
sun/security/krb5/auto/S4U2selfAsServer.java	
sun/security/krb5/auto/S4U2selfAsServerGSS.java
sun/security/krb5/auto/S4U2selfGSS.java	
sun/security/krb5/auto/SPNEGO.java	
sun/security/krb5/auto/SSL.java	
sun/security/krb5/auto/SaslBasic.java	
sun/security/krb5/auto/SaslGSS.java	
sun/security/krb5/auto/SaslUnbound.java	
sun/security/krb5/auto/SpnegoLifeTime.java	
sun/security/krb5/auto/SpnegoReqFlags.java	
sun/security/krb5/auto/TcpTimeout.java	
sun/security/krb5/auto/Test5653.java	
sun/security/krb5/auto/TicketSName.java	
sun/security/krb5/auto/TwoOrThree.java	
sun/security/krb5/auto/TwoPrinces.java	
sun/security/krb5/auto/TwoTab.java	
sun/security/krb5/auto/UdpTcp.java	
sun/security/krb5/auto/UnboundService.java	
sun/security/krb5/auto/UseCacheAndStoreKey.java

OS : Issue seen on all OS (for details, please see the comment section)


Exception :-

javax.security.auth.login.LoginException: kdc.rabbit.hole: Name or service not known
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:808)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
	at Context.fromJAAS(Context.java:130)
	at Basic.main(Basic.java:42)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:110)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.UnknownHostException: kdc.rabbit.hole: Name or service not known
	at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
	at java.net.InetAddress$2.lookupAllHostAddr(InetAddress.java:928)
	at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1323)
	at java.net.InetAddress.getAllByName0(InetAddress.java:1276)
	at java.net.InetAddress.getAllByName(InetAddress.java:1192)
	at java.net.InetAddress.getAllByName(InetAddress.java:1126)
	at java.net.InetAddress.getByName(InetAddress.java:1076)
	at sun.security.krb5.internal.UDPClient.<init>(NetClient.java:187)
	at sun.security.krb5.internal.NetClient.getInstance(NetClient.java:45)
	at sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:393)
	at sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.krb5.KdcComm.send(KdcComm.java:348)
	at sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
	at sun.security.krb5.KdcComm.send(KdcComm.java:229)
	at sun.security.krb5.KdcComm.send(KdcComm.java:200)
	at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
	at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766)
	... 20 more
Comments
Isn't it a bit concerning that JDK behaviour has changed to cause the original code (setting of system property) to have no effect any longer. I think we should chase down root cause.
09-11-2017
After som experiments, making @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock Basic fixes the problem. It seems somewhere in the jdk8u a name lookup is peformed before KDC.java set the customized name service.
08-11-2017