https://issues.apache.org/bugzilla/show_bug.cgi?id=56013
Bug ID: 56013
Summary: SpnegoAuthenticator not working in IBM JDK v7 for
Kerberos due to incorrect credential lifetime
Product: Tomcat 7
Version: 7.0.50
Hardware: Other
OS: AIX
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: arunav.sanya...@gmail.com
Created attachment 31208
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31208&action=edit
Unified GNU diff format of SpnegoAuthenticator.java and its updated version
Hi
SpnegoAuthenticator is not working with IBM JDK v7. The option
GSSCredential.DEFAULT_LIFETIME specified while generating ticket creates the
following exception:-
major code: 11, minor code: 0
major string: General failure, unspecified at GSSAPI level
minor string: Desired initLifetime zero or less)
However specifying GSSCredential.INDEFINITE_LIFETIME as lifetime of credential
resolves the issue.
I am attaching a patch which optionally chooses cred lifetime as indefinite or
default depending on whether the JDK is IBM JDK or Oracle/Sun JDK. This patch
is with respect to SpnegoAuthenticator.java of tomcat v 7.0.50
Impact of fix:-
1. If not fixed then Tomcat does not work out of the box for Spnego
Authentication(Kerberos) for IBM JDK v7
2. The fix affects only IBM JDK and does not change the execution flow for
Oracle/Sun JDK
Yours sincerely
Arunav Sanyal
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
