[jcifs] Re: Kerberos Problem
Michael B Allen
mba2000 at ioplex.com
Mon Mar 19 16:49:45 GMT 2007
On Mon, 19 Mar 2007 07:45:24 -0400
"Eric Glass" <eric.glass at gmail.com> wrote:
> I haven't dug into the Kerberos patch, but from the stacktrace below,
> and the mention that you were using the IBM JRE, it would appear that
> the IBM implementation of the Kerberos GSSAPI classes does not support
> a feature required by jCIFS (in particular, the IBM implementation
> does not appear to support the GSSContext.requestAnonymity() call).
>
> Glancing at the Kerb5Authenticator source, it is calling:
>
> kerb5Context.getGSSContext().requestAnonymity(false);
> kerb5Context.getGSSContext().requestSequenceDet(false);
> kerb5Context.getGSSContext().requestMutualAuth(false);
> kerb5Context.getGSSContext().requestConf(false);
> kerb5Context.getGSSContext().requestInteg(false);
> kerb5Context.getGSSContext().requestReplayDet(false);
>
> so it doesn't actually require *support* for the features, just that
> the call not throw an exception (which the IBM implementation does).
> You might be able to get past this by just wrapping the calls in
> something like:
>
> try {
> kerb5Context.getGSSContext().requestAnonymity(false);
> } catch (GSSException ignore) { }
> try {
> kerb5Context.getGSSContext().requestSequenceDet(false);
> } catch (GSSException ignore) { }
> .... and so on
Good catch.
Jan,
Please let us know if this fixes the problem with the IBM JBM.
I'll add this to The List (for when/if we incorporate the Krb5 patch
into the stock package).
Mike
>
>
> Eric
>
> > org.ietf.jgss.GSSException, Hauptcode: 16, Nebencode: 0
> > Hauptzeichenfolge: Operation ist nicht verfügbar oder nicht implementiert
> > Nebenzeichenfolge: Nicht implementiert
> > at
> > com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java)
> > at com.ibm.security.jgss.mech.krb5.k.requestAnonymity(k.java:541)
> > at com.ibm.security.jgss.GSSContextImpl.requestAnonymity(GSSContextImpl.java)
> > at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:235)
>
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
More information about the jcifs
mailing list