Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8028351

JWS doesn't get authenticated when using kerberos auth proxy

    Details

    • Subcomponent:
    • Resolved In Build:
      b120
    • CPU:
      generic
    • OS:
      windows
    • Verification:
      Verified

      Backports

        Description

        Cu has proved that kerberos set up correctly by using IE. IE can browse
        internet via Kerberos authentication. But JWS cannot.

        From network capture, they saw AS-REP "KRB5KDC_ERR_PREAUTH_REQUIRED" and
        "KRBKDC_ERR_PREAUTH_FAILED" when allowtgtsessionkey = 0 for request
        krbtgt/DOMAIN to AD server. When allowtgtsessionkey = 1, they got TGS-REP
        "KRB5KRB_AP_ERR_MODIFIED" for HTTP/squidproxy.domain.

        If they disable kerberos pre- authentication for that user and user was KINIT
        in JRE/bin before launch JNLP, JWS can download properly.

        system configuration
        ====================
        Environment - Squid proxy with Kerberos authentication enabled. Squid OS is
        Ubuntu. AD is Windows 2008. Client is Windows 7 x86 with 7u45

        javaws -J-Dsun.security.krb5.debug=true <http://your jnlp>

        And the log can be found in https://mos-cores.us.oracle.com/web/cores/3-8062194441/tds-2013-11-13/javaws5447623760750531854.log

        They use krb5.ini that is available in https://mos-cores.us.oracle.com/web/cores/3-8062194441/tds-2013-11-08/krb5.ini

          Issue Links

            Activity

            Hide
            chravel Christophe Ravel (Inactive) added a comment -
            SQE: approves this critical request.
            Show
            chravel Christophe Ravel (Inactive) added a comment - SQE: approves this critical request.
            Hide
            maxelsso Mathias Axelsson (Inactive) added a comment -
            Release team: Approved for fixing
            Show
            maxelsso Mathias Axelsson (Inactive) added a comment - Release team: Approved for fixing
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e1bc55ddf1ad
            User: weijun
            Date: 2013-12-04 01:21:24 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e1bc55ddf1ad User: weijun Date: 2013-12-04 01:21:24 +0000
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/e1bc55ddf1ad
            User: lana
            Date: 2013-12-10 18:28:32 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/e1bc55ddf1ad User: lana Date: 2013-12-10 18:28:32 +0000
            Hide
            zailiu Kevin Liu (Inactive) added a comment -
            sun/security/krb5/auto/LoginNoPass.java passed since B120
            Show
            zailiu Kevin Liu (Inactive) added a comment - sun/security/krb5/auto/LoginNoPass.java passed since B120

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                mbankal Mala Bankal (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: