[33397] in Kerberos
Re: BUG Report : 'krb5.ini' not found on Windows.
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Tue May 17 15:06:09 2011
Message-ID: <4DD2C71D.1040600@anl.gov>
Date: Tue, 17 May 2011 14:06:05 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <2BC68159E3EC814BA1E81C108DF99A42187BE6CE@EXCH-IND-VS1.india.quark.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 5/17/2011 5:53 AM, Onkesh Bansal wrote:
> Hello,
>
>
>
> Configuration>>
>
>>>> Windows 2008 R2 (Service Pack 1) workstation.
>
>
>
> I am having this problem on my machine and am not able to figure out
> what is the root cause.
>
> The scenario seems with Terminal Services installed on the system and
> when the authentication has to be done via the LDAP over the local
> network.
>
>
> This BUG has been logged with ORACLE-JAVA at
> http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already
> provided with a work around.
>
> My Query is:
>
> 1. What is the reason behind this bug. I need to know the root
> cause for this.
This is not a Kerberos issue, but a Java issue of how Java finds a krb5.conf
or krb5.ini on the running system.
See:
http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html
As it says,
"If the system property java.security.krb5.conf is set, its value is assumed to
specify the path and file name."
So you can add to the comamnd like -Djava.security.krb5.conf=/path.to/krb5.conf
It says it then looks in
in <java-home>\lib\security so put it there.
After that it gets a little mushy.
>
> 2. What should be my steps (apart from the workaround provided
> with the bug resolution) so as to prevent any future re-occurrences?
> ie I need a fix.
They gave you a fix.
>
> 3. Can it be related to the version changes of Kerberos or is it
> because of Windows 2008?
Yes and no. Oracle/Java need to address this issue on every system they run
under, including 2008 with terminal server.
Note: Windows itself does not use a krb5.ini or krb5.conf, so the location
is based on where Oracle/java or some other Kerberos application expect it
to be.
>
>
>
> Thanks& Regards,
>
> Onkesh Bansal
>
> Engineer-1 QA,
>
> Quark Media House (P) Ltd.
>
> obansal@quark.com
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
