VOOZH about

URL: https://www.ibm.com/support/pages/apar/IV81082

⇱ IV81082: JGSS'S CANONICALIZATION METHOD SHOULD ACCEPT STANDARD SPN

IV81082: JGSS'S CANONICALIZATION METHOD SHOULD ACCEPT STANDARD SPN

APAR status

  • Closed as program error.

Error description

  • Error Message: Application failed after upgrading to Java7 SR3
.
Stack Trace: Application failed after upgrading to Java7 SR3:
java.lang.Exception: No credential
 at
com.ibm.security.jgss.i18n.I18NException.throwException(I18NExce
ption.java:49)
 at
com.ibm.security.krb5.internal.TgsCredentials.acquireSvcCreds(Tg
sCredentials.java:582)
 at
com.ibm.security.krb5.Credentials.acquireSvcCreds(Credentials.ja
va:1602)
 at
com.ibm.security.jgss.mech.krb5.Krb5Context.initSecContext(Krb5C
ontext.java:460)
 at
com.ibm.security.jgss.mech.krb5.Krb5Context.initSecContext(Krb5C
ontext.java:805)
 at
com.ibm.security.jgss.mech.spnego.SPNEGOContext.createInitToken(
SPNEGOContext.java:1146)
 at
com.ibm.security.jgss.mech.spnego.SPNEGOContext.initSecContext(S
PNEGOContext.java:529)
 at
com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextIm
pl.java:382)
 at
com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextIm
pl.java:331)
.
Java7 GA works.

Local fix



Problem summary


    

  • This issue was introduced by Austin CMVC defect 116871, which
makes a canolicalizatoin call when creating a GSSNameImpl
instance.
This C14N call converts service name from service@server.fqdn to
service/server.fqdn@REALM format before initiating the context.
During initiation, another C14N is applied on the standard SPN
and results in a bad SPN. The later C14N turns out to be
unnecessary if the service name is already a standard SPN.



Problem conclusion


    

  • Check if the service name is a standard SPN. If the service name
is a standard SPN, no C14N is applied.
The corresponding Austin defect is 117151.
The corresponding RTC Problem Report is 107257.
Platform affected: All platforms.
JVMs affected: 6.0, 6.26, 7.0, 7.27, and 8.0.
Jars affected: ibmjgssprovider.jar.
The fix will be available in 160_SR16_FP25, 626_SR8_FP25,
170_SR9_FP40, 727_SR3_FP40, 180_SR3.
Build level is 20160202.
.
This APAR will be fixed in the following Java Releases:
 7 SR9 FP40 (7.0.9.40)
 7 R1 SR3 FP40 (7.1.3.40)
 8 SR3 (8.0.3.0)
 6 R1 SR8 FP25 (6.1.8.25)
 6 SR16 FP25 (6.0.16.25)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IV81082
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    260
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-02-02
    • 

  • Closed date
    2016-02-04
    • 

  • Last modified date
    2016-02-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 




    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels


    

  • R260 PSY
       UP
    • 

  • R270 PSY
       UP
    • 

  • R600 PSY
       UP
    • 







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020