APAR status
Closed as program error.
Error description
Error Message: javax.security.auth.login.LoginException: Error creating key: java.lang.NullPointerException . Stack Trace: javax.security.auth.login.LoginException: Error creating key: java.lang.NullPointerException at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18 NException.java:166) at com.ibm.security.auth.module.Krb5LoginModule.createServiceKey(Kr b5LoginModule.java:1985) at com.ibm.security.auth.module.Krb5LoginModule.doLogin(Krb5LoginMo dule.java:474) at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModu le.java:346) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor Impl.java:90) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod AccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at javax.security.auth.login.LoginContext.invoke(LoginContext.java: 788) at javax.security.auth.login.LoginContext.access$000(LoginContext.j ava:196) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:6 98) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:6 96) at java.security.AccessController.doPrivileged(AccessController.jav a:696) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.j ava:696) at javax.security.auth.login.LoginContext.login(LoginContext.java:5 97) at Jaas.loginAndAction(Jaas.java:108) . N/A
Local fix
N/A
Problem summary
Krb5LoginModule.doCallbacks() is not checking for a null password from interactive login, so a generic NullPointerException from a String method later in processing.
Problem conclusion
Updated Krb5LoginModule.doCallbacks() to check for a null password from interactive login, and throw a more descriptive "Null password" LoginException.. The associated RTC PR is 137742 The associated Austin CMVC defect is 117836 The associated Austin APAR is IJ05516 JVMs affected: Java 8 & 7 The fix was delivered for: Java 8 SR5 FP15, Java 7 SR10 FP25, Java 727 SR4 FP25 The affected jars: ibmjgssprovider.jar The build level of this jar for the affected releases is "20180404" . This APAR will be fixed in the following Java Releases: 8 SR5 FP15 (8.0.5.15) 7 SR10 FP25 (7.0.10.25) 7 R1 SR4 FP25 (7.1.4.25) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
N/A
Comments
APAR Information
APAR number
IJ06332
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-05-10
Closed date
2018-05-10
Last modified date
2018-05-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020