RFR 8048073: Cannot read ccache entry with a realm-less service name (original) (raw)
Xuelei Fan xuelei.fan at oracle.com
Wed Jun 25 09:05:46 UTC 2014
- Previous message (by thread): RFR 8048073: Cannot read ccache entry with a realm-less service name
- Next message (by thread): RFR 8048073: Cannot read ccache entry with a realm-less service name
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 6/25/2014 4:48 PM, Wang Weijun wrote:
Please review the fix at
http://cr.openjdk.java.net/~weijun/8048073/webrev.00/ Looks fine to me. It would be nice to add more comment about why you want to ignore the principal if (cpname == null || spname == null)
Xuelei
Running native krb5 could generate a ccache file like this
Valid starting Expires Service principal 06/25/14 14:05:06 06/26/14 00:05:06 krbtgt/K1 at K1 06/25/14 14:12:35 06/26/14 00:05:06 HTTP/localhost@ 06/25/14 14:12:35 06/26/14 00:05:06 HTTP/localhost at K1 Please note the 2nd ticket has a service principal with no realm. I guess it's a result of kerberos referral. Since OpenJDK does not support referral (yet), the PricipalName always has a realm and reading such a ccache throws out an exception. After this fix such entries are ignored and Java's klist would show [1] Service Principal: krbtgt/K1 at K1 Valid starting: Jun 25, 2014 14:05:06 Expires: Jun 26, 2014 00:05:06 [2] Service Principal: HTTP/localhost at K1 Valid starting: Jun 25, 2014 14:12:35 Expires: Jun 26, 2014 00:05:06 Thanks Max
- Previous message (by thread): RFR 8048073: Cannot read ccache entry with a realm-less service name
- Next message (by thread): RFR 8048073: Cannot read ccache entry with a realm-less service name
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]