[jcifs] Will you review my patch to make jcifs-krb5-1.3.17 work on JDK 7, please?

Kiju Kim kiju98 at gmail.com
Mon Feb 3 00:27:12 MST 2014 

Thank you for the detailed answer, Mike.

Kiju


2014-02-03 Michael B Allen <ioplex at gmail.com>:

> Hi Kiju,
>
> The jcifs-krb5 package is externally contributed and as such it is not
> maintained by the JCIFS project. Also, I was not successful in testing
> the last contributed package so I cannot endorse it either.
>
> Now if you're wondering why we even have that package on the site, the
> problem is that to properly integrate kerberos into JCIFS I would
> first need to factor out all of the NtlmPasswordAuthentication code
> and provide a different technique for retrieving credentials as either
> properties (which means factoring out the global static Config class)
> or by using Thread storage like JAAS. So we don't have proper Kerberos
> support because it would require some significant refactoring that
> would change the API in ways that would not be backward compatible. So
> as a consolation, we host the contributed jcifs-krb5 package just to
> give people something.
>
> Mike
>
> On Tue, Jan 28, 2014 at 3:41 AM, Kiju Kim <kiju98 at gmail.com> wrote:
> > Hi,
> >
> > I've noticed KerbAuthExample in jcifs-krb5-1.3.17 doesn't work on JDK 7.
> > It works fine on JDK 6 but produces "jcifs.smb.SmbAuthException:
> > Access is denied." on JDK 7.
> >
> > I've learned that it is due to the change how JDK generates subKey
> > (https://bugs.openjdk.java.net/browse/JDK-8031973).
> >
> > I prepared the following patch for Kerb5Context.java and saw
> > KerbAuthExample worked fine on JDK 7.
> > But I'm newt to jcifs and want my patch reviewed.
> >
> > <                 return ticket.getSessionKey();
> > ---
> >>                 com.sun.security.jgss.ExtendedGSSContext ec =
> >>                         (com.sun.security.jgss.ExtendedGSSContext)
> gssContext;
> >
> >>                 return (Key) ec.inquireSecContext(
> >>
> com.sun.security.jgss.InquireType.KRB5_GET_SESSION_KEY
> > );
> >>                 //return ticket.getSessionKey();
> >
> > Note that ExtendedGSSContext and InquireType are classes newly added in
> JDK 7.
> > Also note that there is a small difference between the Key object
> > returned by ticket.getSessionKey() and
> > ec.inquireSecContext(KRB5_GET_SESSION_KEY) that their getAlgorithm()
> > outputs are different. The former returns "DES" etc, but the later
> > returns "1" etc. Looks like it doesn't affect the behavior of
> > KerberosAuthExample but I'm not sure if getAlgorithm() is used
> > elsewhere.
> >
> > Thanks and regards,
> > Kiju
>
>
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/jcifs/attachments/20140203/7811a583/attachment.html>

More information about the jCIFS mailing list