VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ30942

⇱ IJ30942: KERBEROS TICKET RENEWAL FAILS WITH DEBUG ENABLED FOLLOWING JAVA.LANG.ILLEGALSTATEEXCEPTION: THIS TICKET IS NO LONGER VALID TICKE

IJ30942: KERBEROS TICKET RENEWAL FAILS WITH DEBUG ENABLED FOLLOWING JAVA.LANG.ILLEGALSTATEEXCEPTION: THIS TICKET IS NO LONGER VALID TICKE

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
.
Stack Trace: Java callstack:
java.lang.IllegalStateException: This ticket is no longer valid
 at
javax.security.auth.kerberos.KerberosTicket.toString(KerberosTic
ket.java:632)
 at java.lang.String.valueOf(String.java:3404)
 at com.ibm.security.jgss.mech.krb5.C.a(Unknown Source)
 at com.ibm.security.jgss.mech.krb5.C.a(Unknown Source)
 at com.ibm.security.jgss.mech.krb5.Krb5Util.a(Unknown Source)
 at com.ibm.security.jgss.mech.krb5.h.a(Unknown Source)
 at com.ibm.security.jgss.mech.krb5.h.run(Unknown Source)
 at
java.security.AccessController.doPrivileged(AccessController.jav
a:696)
 at com.ibm.security.jgss.mech.krb5.g.a(Unknown Source)
 at com.ibm.security.jgss.mech.krb5.g.initSecContext(Unknown
Source)
 at
com.ibm.security.jgss.GSSContextImpl.initSecContext(Unknown
Source)
 at
com.ibm.security.jgss.GSSContextImpl.initSecContext(Unknown
Source)
.

Local fix

  • N/A

Problem summary

  • With debug enabled, KerberosTicket.toString() throws
"java.lang.IllegalStateException: This ticket is no longer
valid" if
KerberosTicket.destroyed is true. This results in abnormal
termination of execution, causing Kerberos ticket renewal to
fail.

Problem conclusion

  • Modified KerberosTicket.toString() to print a string indicating
that the ticket is in a destroyed state, instead of
throwing an exception.
The files affected by this APAR are: ibmjgssfw.jar (Java 7:
build_20210218--51, Java 8: build_20210218--52).
The associated Hursley RTC Problem Report is PR144993.
The associated Austin Git issue is Issue# 8 for IBMJGSS.
The associated Austin APAR issue is IJ30431.
JVMs affected include: Java 7.0, Java 7.1, and Java 8.0.
The fix was delivered for Java 8.0 SR6 FP30, Java 7.0 SR10 FP85,
and Java 7.1 SR4 FP85.
.
This APAR will be fixed in the following Java Releases:
 8 SR6 FP30 (8.0.6.30)
 7 SR10 FP85 (7.0.10.85)
 7 R1 SR4 FP85 (7.1.4.85)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ30942
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-02-18
    • 

  • Closed date
    2021-03-03
    • 

  • Last modified date
    2021-03-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 05 March 2021