JDK-6716534

Krb5LoginModule has not cleaned temp info between authentication attempts

    Details

    • Subcomponent:
    • Resolved In Build:
      b31
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Description

      Krb5LoginModule's cleanState() does not clean all temp info. In the case of using tryFirstPass=true, this means that if the password given in the sharedState is not correct, the encryption keys generated from the wrong password will not be cleaned before the second try. On the other hand, the class simply uses the existence of the keys to determine whether they need to be generated again. Hence, even if the correct password is provided in the second try, it will never be used and the authentication will always fail.
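
      A simplified model of the failure described above, added here as an illustration; it is not the JDK's Krb5LoginModule code. The class `StaleKeyDemo`, its `Module` type, the simulated KDC key, and the SHA-256 stand-in for Kerberos key derivation are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Simplified model of the flaw; class and method names are hypothetical, not JDK code.
public class StaleKeyDemo {
    // Stand-in for Kerberos string-to-key: SHA-256 of the password (assumption).
    static byte[] deriveKey(char[] password) throws Exception {
        byte[] raw = new String(password).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.getInstance("SHA-256").digest(raw);
    }

    static class Module {
        final boolean clearKeysOnCleanState;   // false = behaviour described in the report
        final byte[] kdcKey;                   // key the (simulated) KDC expects
        byte[] encKey;                         // temp state kept between attempts

        Module(boolean fixed, char[] realPassword) throws Exception {
            clearKeysOnCleanState = fixed;
            kdcKey = deriveKey(realPassword);
        }

        boolean attempt(char[] password) throws Exception {
            if (encKey == null) {              // existence check decides whether to derive
                encKey = deriveKey(password);
            }
            boolean ok = MessageDigest.isEqual(encKey, kdcKey);
            if (!ok) cleanState();             // failed attempt: temp state should be reset
            return ok;
        }

        void cleanState() {
            if (clearKeysOnCleanState && encKey != null) {
                Arrays.fill(encKey, (byte) 0); // wipe key material before dropping it
                encKey = null;                 // forces re-derivation on the next attempt
            }
        }
        // tryFirstPass=true: shared-state password first, then the prompted one.
        boolean login(char[] sharedPass, char[] promptedPass) throws Exception {
            return attempt(sharedPass) || attempt(promptedPass);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] real = "correct-horse".toCharArray();   // constructed sample values
        char[] wrong = "stale-shared".toCharArray();
        System.out.println("unfixed: " + new Module(false, real).login(wrong, real));
        System.out.println("fixed:   " + new Module(true, real).login(wrong, real));
    }
}
```

      With the key left in place, the second attempt compares the stale key from the wrong password and fails even though the correct password was supplied; clearing it in `cleanState()` lets the second attempt derive a fresh key.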

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                weijun Weijun Wang