[jcifs] Will you review my patch to make jcifs-krb5-1.3.17 work on JDK 7, please?
Kiju Kim
kiju98 at gmail.com
Mon Feb 3 00:27:12 MST 2014
Thank you for the detailed answer, Mike.
Kiju
2014-02-03 Michael B Allen <ioplex at gmail.com>:
> Hi Kiju,
>
> The jcifs-krb5 package is externally contributed and as such it is not
> maintained by the JCIFS project. Also, I was not successful in testing
> the last contributed package so I cannot endorse it either.
>
> Now if you're wondering why we even have that package on the site, the
> problem is that to properly integrate kerberos into JCIFS I would
> first need to factor out all of the NtlmPasswordAuthentication code
> and provide a different technique for retrieving credentials as either
> properties (which means factoring out the global static Config class)
> or by using Thread storage like JAAS. So we don't have proper Kerberos
> support because it would require some significant refactoring that
> would change the API in ways that would not be backward compatible. So
> as a consolation, we host the contributed jcifs-krb5 package just to
> give people something.
>
> Mike
>
> On Tue, Jan 28, 2014 at 3:41 AM, Kiju Kim <kiju98 at gmail.com> wrote:
> > Hi,
> >
> > I've noticed KerbAuthExample in jcifs-krb5-1.3.17 doesn't work on JDK 7.
> > It works fine on JDK 6 but produces "jcifs.smb.SmbAuthException:
> > Access is denied." on JDK 7.
> >
> > I've learned that it is due to the change how JDK generates subKey
> > (https://bugs.openjdk.java.net/browse/JDK-8031973).
> >
> > I prepared the following patch for Kerb5Context.java and saw
> > KerbAuthExample worked fine on JDK 7.
> > But I'm newt to jcifs and want my patch reviewed.
> >
> > < return ticket.getSessionKey();
> > ---
> >> com.sun.security.jgss.ExtendedGSSContext ec =
> >> (com.sun.security.jgss.ExtendedGSSContext)
> gssContext;
> >
> >> return (Key) ec.inquireSecContext(
> >>
> com.sun.security.jgss.InquireType.KRB5_GET_SESSION_KEY
> > );
> >> //return ticket.getSessionKey();
> >
> > Note that ExtendedGSSContext and InquireType are classes newly added in
> JDK 7.
> > Also note that there is a small difference between the Key object
> > returned by ticket.getSessionKey() and
> > ec.inquireSecContext(KRB5_GET_SESSION_KEY) that their getAlgorithm()
> > outputs are different. The former returns "DES" etc, but the later
> > returns "1" etc. Looks like it doesn't affect the behavior of
> > KerberosAuthExample but I'm not sure if getAlgorithm() is used
> > elsewhere.
> >
> > Thanks and regards,
> > Kiju
>
>
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/jcifs/attachments/20140203/7811a583/attachment.html>
More information about the jCIFS
mailing list