Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8014310

JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679

    Details

    • Subcomponent:
    • Resolved In Build:
      b96
    • Verification:
      Verified

      Backports

        Description

        After the change for disabling DES-related etypes, JAAS login fails at the test fails with NPE.
        Test Configuration :
        -------------------------
        SEAM instance SEAM.THREE.COM was used
        Client side krb5.conf has
             default_tkt_enctypes=des-cbc-md5
             default_tgs_enctypes=des-cbc-md5
             permitted_enctypes=des-cbc-md5
        does not have allow_weak_crypto = true

        At this point a meaningful error message
        like "Failure unspecified at GSS-API level (Mechanism level: Encryption type DES CBC mode with CRC-32 is not supported/enabled)"
        is expected.
        Instead a NPE is obtained


        javax.security.auth.login.LoginException: java.lang.NullPointerException
                at sun.security.krb5.internal.KDCReqBody.asn1Encode(KDCReqBody.java:251)
                at sun.security.krb5.internal.KDCReq.asn1Encode(KDCReq.java:203)
                at sun.security.krb5.KrbAsReq.encoding(KrbAsReq.java:145)
                at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
                at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
                at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:765)
                at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:616)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:491)
                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:777)
                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
                at java.security.AccessController.doPrivileged(Native Method)
                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:688)
                at javax.security.auth.login.LoginContext.login(LoginContext.java:586)
                at Server.main(Server.java:670)

        If krb5.conf in the clientside is modified to include "allow_weak_crypto = true"
        login happens

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  nisriniv Nithya Srinivasan (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: