Bug in Kerberos JDK 1.4.2 / Windows XP ?

Seema Malkani Seema.Malkani at Sun.COM
Fri Jun 18 16:35:46 EDT 2004 

Claude,

It appears that have configured your Windows domain to be all lower-case.
Kerberos realm names are case sensitive. By convention, all realm names are
uppercase. On Windows domains are also Kerberos realms, and realm name
is always the uppercase version of the domain name.

The LSA API called from the Java Kerberos library obtained the native ticket
for current domain. Hence if your domain is configured to be lower-case,
LSA API obtained the ticket with lower-case realm.

This issue has been fixed in J2SE 1.5.0 beta2 available at:
http://java.sun.com/j2se/1.5.0/download.jsp

Alternatively, you can reconfigure your Windows domain to be
all uppercase, and you'll get the Kerberos Ticket correctly.
Let me know if you have any further questions.

For any questions on Sun's implementation of Java GSS/Kerberos,
please communicate to us via java-security at sun.com alias.

Seema

Rouiller Claude wrote:

>The problem is that I get a ticket like "claude at MYREALM.FOO.COM to go to
>krbtgt/myrealm.foo.com at MYREALM.FOO.COM"
>and I should get one like "claude at MYREALM.FOO.COM to go to
>krbtgt/MYREALM.FOO.COM at MYREALM.FOO.COM".
>
>And I don't know how to tell Windows that my ticket must refer to
>krbtgt/MYREALM.FOO.COM at MYREALM.FOO.COM (instead of
>krbtgt/myrealm.foo.com at MYREALM.FOO.COM).
>
>Thanks, Claude
>
>-----Original Message-----
>From: Jeffrey Altman [mailto:jaltman2 at nyc.rr.com] 
>Sent: Monday, June 07, 2004 4:29 PM
>To: kerberos at mit.edu
>Subject: Re: Bug in Kerberos JDK 1.4.2 / Windows XP ?
>
>
>I believe that you are running into the problem of authenticating
>as the name the user logged in with.  Remember that Windows tries to
>be case insensitive whereas Kerberos is case sensitive.
>
>You must log into Windows using the name
>
>	claude at MYREALM.FOO.COM
>
>instead of
>
>	claude at myrealm.foo.com
>
>Jeffrey Altman
>
>Rouiller Claude wrote:
>  
>
>>Isn't there a problem with the case (upper case / down case) of the
>>    
>>
>service
>  
>
>>principal names of the tickets placed in the JAAS subject?
>>Or maybe the problem is in Windows XP?
>>
>>I've described the problem in
>>
>>    
>>
>http://forum.java.sun.com/thread.jsp?forum=60&thread=528692&tstart=0&trange=
>  
>
>>15
>>
>>    
>>
><http://forum.java.sun.com/thread.jsp?forum=60&thread=528692&tstart=0&trange
>  
>
>>=15> .
>>
>>Claude
>>
>>
>>________________________________________________
>>Kerberos mailing list           Kerberos at mit.edu
>>https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>    
>>
>
>  
>

More information about the Kerberos mailing list