VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ06332

⇱ IJ06332: UPDATE KRB5LOGINMODULE.DOCALLBACKS() TO THROW A MORE DESCRIPTIVE"NULL PASSWORD" LOGINEXCEPTION.

IJ06332: UPDATE KRB5LOGINMODULE.DOCALLBACKS() TO THROW A MORE DESCRIPTIVE"NULL PASSWORD" LOGINEXCEPTION.

APAR status

  • Closed as program error.

Error description

  • Error Message: javax.security.auth.login.LoginException: Error
creating key: java.lang.NullPointerException
.
Stack Trace: javax.security.auth.login.LoginException: Error
creating key: java.lang.NullPointerException
at
com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18
NException.java:166)
at
com.ibm.security.auth.module.Krb5LoginModule.createServiceKey(Kr
b5LoginModule.java:1985)
at
com.ibm.security.auth.module.Krb5LoginModule.doLogin(Krb5LoginMo
dule.java:474)
at
com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModu
le.java:346)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor
Impl.java:90)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
AccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:
788)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.j
ava:196)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:6
98)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:6
96)
at
java.security.AccessController.doPrivileged(AccessController.jav
a:696)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.j
ava:696)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:5
97)
at Jaas.loginAndAction(Jaas.java:108)
.
N/A

Local fix

  • N/A

Problem summary

  • Krb5LoginModule.doCallbacks() is not checking for a null
password from interactive login,
so a generic NullPointerException from a String method later in
processing.

Problem conclusion

  • Updated Krb5LoginModule.doCallbacks() to check for a null
password from interactive
login, and throw a more descriptive "Null password"
LoginException..
The associated RTC PR is 137742
The associated Austin CMVC defect is 117836
The associated Austin APAR is IJ05516
JVMs affected: Java 8 & 7
The fix was delivered for: Java 8 SR5 FP15, Java 7 SR10 FP25,
Java 727 SR4 FP25
The affected jars: ibmjgssprovider.jar
The build level of this jar for the affected releases is
"20180404"
.
This APAR will be fixed in the following Java Releases:
 8 SR5 FP15 (8.0.5.15)
 7 SR10 FP25 (7.0.10.25)
 7 R1 SR4 FP25 (7.1.4.25)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix

  • N/A

Comments



APAR Information




    

  • APAR number
    IJ06332
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-05-10
    • 

  • Closed date
    2018-05-10
    • 

  • Last modified date
    2018-05-10
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 




    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020