BUG Report : 'krb5.ini' not found on Windows.

Douglas E. Engert deengert at anl.gov
Tue May 17 15:06:05 EDT 2011 

On 5/17/2011 5:53 AM, Onkesh Bansal wrote:
> Hello,
>
>
>
> Configuration>>
>
>>>> Windows 2008 R2 (Service Pack 1) workstation.
>
>
>
> I am having this problem on my machine and am not able to figure out
> what is the root cause.
>
> The scenario seems with Terminal Services installed on the system and
> when the authentication has to be done via the LDAP over the local
> network.
>
>
> This BUG has been logged with ORACLE-JAVA at
> http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already
> provided with a work around.
>
> My Query is:
>
> 1.       What is the reason behind this bug. I need to know the root
> cause for this.

This is not a Kerberos issue, but a Java issue of how Java finds a krb5.conf
or krb5.ini on the running system.
See:
http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html

As it says,
"If the system property java.security.krb5.conf is set, its value is assumed to
specify the path and file name."
So you can add to the comamnd like -Djava.security.krb5.conf=/path.to/krb5.conf

It says it then looks in
  in <java-home>\lib\security so put it there.

After that it gets a little mushy.

>
> 2.       What should be my steps (apart from the workaround provided
> with the bug resolution) so as to prevent any future re-occurrences?
> ie I need a fix.

They gave you a fix.

>
> 3.       Can it be related to the version changes of Kerberos or is it
> because of Windows 2008?

Yes and no. Oracle/Java need to address this issue on every system they run
under, including 2008 with terminal server.

Note: Windows itself does not use a krb5.ini or krb5.conf, so the location
is based on where Oracle/java or some other Kerberos application expect it
to be.

>
>
>
> Thanks&  Regards,
>
> Onkesh Bansal
>
> Engineer-1 QA,
>
> Quark Media House (P) Ltd.
>
> obansal at quark.com
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list