[prev in list] [next in list] [prev in thread] [next in thread]
List: httpclient-commons-dev
Subject: [jira] Resolved: (HTTPCLIENT-1067) Cross realm authentication
From: "Oleg Kalnichevski (JIRA)" <jira () apache ! org>
Date: 2011-03-14 19:03:29
Message-ID: 1007269453.1584.1300129409561.JavaMail.tomcat () hel ! zones ! apache ! org
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Oleg Kalnichevski resolved HTTPCLIENT-1067.
-------------------------------------------
Resolution: Won't Fix
Gaurav
I am closing the issue as WONTFIX for now. Please re-open it when you are ready to \
contribute a patch.
Oleg
> Cross realm authentication doesn't work
> ---------------------------------------
>
> Key: HTTPCLIENT-1067
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1067
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1 Final
> Reporter: Gaurav Singhal
> Labels: httpclient
> Attachments: NegotiateScheme.java
>
>
> Cross realm authentication doesn't work because of incomplete server SPN passed \
> into GSS-API. Class Name: NegotiateScheme
> Line # 205 (GSSName serverName = manager.createName("HTTP/" + authServer, null);)
> This piece of code doesn't append the server realm while creating name. Because of \
> null server realm, jdk always append default realm by reading krb5.conf file. but \
> there can be case where server realm is different than default realm configured in \
> krb5.conf file. Modified code:
> ----------------------------------------------------------------------------------------------------------------------------------------
> String strServerName = Krb5Utility.mapDomainToRealm(authServer);
> strServerName = strServerName == null ? "" : ("@" + strServerName);
> GSSName serverName = manager.createName("HTTP/" + authServer + strServerName, \
> null);
> ----------------------------------------------------------------------------------------------------------------------------------------
> Krb5Utility.mapDomainToRealm method code
> ----------------------------------------------------------------------------------------------------------------------------------------
> public static String mapDomainToRealm(String name) {
> String result = null;
> try {
> String subname = null;
> Config c = Config.getInstance();
> if ((result = c.getDefault(name, "domain_realm")) != null)
> return result;
> else {
> for (int i = 1; i < name.length(); i++) {
> // mapping could be .ibm.com = AUSTIN.IBM.COM
> if ((name.charAt(i) == '.') && (i != name.length() - 1)) {
> subname = name.substring(i);
> result = c.getDefault(subname, "domain_realm");
> if (result != null) {
> break;
> } else {
> // or mapping could be ibm.com = AUSTIN.IBM.COM
> subname = name.substring(i + 1);
> result = c.getDefault(subname, "domain_realm");
> if (result != null) {
> break;
> }
> }
> }
> }
> }
> } catch (KrbException e) {
> }
> return result;
> }
> ----------------------------------------------------------------------------------------------------------------------------------------
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic