Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8028351

JWS doesn't get authenticated when using kerberos auth proxy

    Details

    • Subcomponent:
    • Resolved In Build:
      b120
    • CPU:
      generic
    • OS:
      windows
    • Verification:
      Verified

      Backports

        Description

        Cu has proved that kerberos set up correctly by using IE. IE can browse
        internet via Kerberos authentication. But JWS cannot.

        From network capture, they saw AS-REP "KRB5KDC_ERR_PREAUTH_REQUIRED" and
        "KRBKDC_ERR_PREAUTH_FAILED" when allowtgtsessionkey = 0 for request
        krbtgt/DOMAIN to AD server. When allowtgtsessionkey = 1, they got TGS-REP
        "KRB5KRB_AP_ERR_MODIFIED" for HTTP/squidproxy.domain.

        If they disable kerberos pre- authentication for that user and user was KINIT
        in JRE/bin before launch JNLP, JWS can download properly.

        system configuration
        ====================
        Environment - Squid proxy with Kerberos authentication enabled. Squid OS is
        Ubuntu. AD is Windows 2008. Client is Windows 7 x86 with 7u45

        javaws -J-Dsun.security.krb5.debug=true <http://your jnlp>

        And the log can be found in https://mos-cores.us.oracle.com/web/cores/3-8062194441/tds-2013-11-13/javaws5447623760750531854.log

        They use krb5.ini that is available in https://mos-cores.us.oracle.com/web/cores/3-8062194441/tds-2013-11-08/krb5.ini

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  mbankal Mala Bankal (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Due:
                    Created:
                    Updated:
                    Resolved: