APAR status
Closed as program error.
Error description
Error Message: If JGSS fails to get credentials from Subject, it should perform JAAS login as the last resort.IBM's JGSS implementation does not do that. . Stack Trace: org.ietf.jgss.GSSException, major code: 13, minor code: 0major string: Invalid credentialsminor string: Cannot get credential for principal svoruga@MONGODB.COMatcom.ibm.security.jgss.i18n.I18NException.th rowGSSException(I18NException.java:33)at com.ibm.security.jgss.mech.krb5.y.a(y.java:404)at com.ibm.security.jgss.mech.krb5.y.a(y.java:213)at com.ibm.security.jgss.mech.krb5.y.a(y.java:89)at com.ibm.security.jgss.mech.krb5.y.<init>(y.java:13)atcom.ibm.sec urity.jgss.mech.krb5.Krb5MechFactory.getCredentialElement(Krb5Me chFactory.java:51)atcom.ibm.security.jgss.GSSManagerImpl.createM echCredential(GSSManagerImpl.java:35)atcom.ibm.security.jgss.GSS CredentialImpl.add(GSSCredentialImpl.java:22)atcom.ibm.security. jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:174)atcom.i bm.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl. java:34) .
Local fix
Problem summary
JGSS implementation does not perform JAAS login after failing to get credentials from Subject.
Problem conclusion
This APAR will be fixed in the following Java Releases: 7 SR7 FP1 (7.0.7.1) 6 SR16 FP1 (6.0.16.1) 6 R1 SR8 FP1 (6.1.8.1) 7 R1 SR1 FP1 (7.1.1.1) . Perform JAAS login when when JGSS fails to get credentials from Subject.New implementation requires to set javax.security.auth.useSubjectCredsOnly to false.The associated Austin CMVC defect is 115409.The associated RTC PR is 63098.Platform affected: All platforms.JVMs affected: 6.0, 6.26, 7.0, 7.27.Jars affected: ibmjgssprovider.jar.The fix will be available in 160_SR16_FP1, 626_SR8_FP1, 170_SR7_FP1, 727_SR1_FP1 . Build level is 20140507b
Temporary fix
Comments
APAR Information
APAR number
IV60418
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-05-12
Closed date
2014-05-20
Last modified date
2014-07-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020