[jcifs] Re: Kerberos Problem

Mon Mar 19 11:45:24 GMT 2007

I haven't dug into the Kerberos patch, but from the stacktrace below,
and the mention that you were using the IBM JRE, it would appear that
the IBM implementation of the Kerberos GSSAPI classes does not support
a feature required by jCIFS (in particular, the IBM implementation
does not appear to support the GSSContext.requestAnonymity() call).

Glancing at the Kerb5Authenticator source, it is calling:

        kerb5Context.getGSSContext().requestAnonymity(false);
        kerb5Context.getGSSContext().requestSequenceDet(false);
        kerb5Context.getGSSContext().requestMutualAuth(false);
        kerb5Context.getGSSContext().requestConf(false);
        kerb5Context.getGSSContext().requestInteg(false);
        kerb5Context.getGSSContext().requestReplayDet(false);

so it doesn't actually require *support* for the features, just that
the call not throw an exception (which the IBM implementation does).
You might be able to get past this by just wrapping the calls in
something like:

        try {
            kerb5Context.getGSSContext().requestAnonymity(false);
        } catch (GSSException ignore) { }
        try {
            kerb5Context.getGSSContext().requestSequenceDet(false);
        } catch (GSSException ignore) { }
        .... and so on

Eric

> org.ietf.jgss.GSSException, Hauptcode: 16, Nebencode: 0
>   Hauptzeichenfolge: Operation ist nicht verfügbar oder nicht implementiert
>   Nebenzeichenfolge: Nicht implementiert
>   at
> com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java)
>   at com.ibm.security.jgss.mech.krb5.k.requestAnonymity(k.java:541)
>   at com.ibm.security.jgss.GSSContextImpl.requestAnonymity(GSSContextImpl.java)
>   at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:235)