[
https://issues.apache.org/jira/browse/HTTPCLIENT-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13002960#comment-13002960
]
Oleg Kalnichevski commented on HTTPCLIENT-1067:
-----------------------------------------------
Gaurav
Would it be a big deal for you to create a diff file with the changes?
Oleg
> Cross realm authentication doesn't work
> ---------------------------------------
>
> Key: HTTPCLIENT-1067
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1067
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1 Final
> Reporter: Gaurav Singhal
> Labels: httpclient
> Attachments: NegotiateScheme.java
>
>
> Cross realm authentication doesn't work because of incomplete server SPN
> passed into GSS-API.
> Class Name: NegotiateScheme
> Line # 205 (GSSName serverName = manager.createName("HTTP/" + authServer, null);)
> This piece of code doesn't append the server realm while creating name.
> Because of the null server realm, the JDK always appends the default realm by reading
> the krb5.conf file, but there can be cases where the server realm is different from the
> default realm configured in the krb5.conf file.
> Modified code:
> ----------------------------------------------------------------------------------------------------------------------------------------
> String strServerName = Krb5Utility.mapDomainToRealm(authServer);
> strServerName = strServerName == null ? "" : ("@" + strServerName);
> GSSName serverName = manager.createName("HTTP/" + authServer + strServerName, null);
> ----------------------------------------------------------------------------------------------------------------------------------------
> Krb5Utility.mapDomainToRealm method code
> ----------------------------------------------------------------------------------------------------------------------------------------
> public static String mapDomainToRealm(String name) {
>     String result = null;
>     try {
>         String subname = null;
>         Config c = Config.getInstance();
>         // exact host name entry in [domain_realm]
>         if ((result = c.getDefault(name, "domain_realm")) != null)
>             return result;
>         else {
>             for (int i = 1; i < name.length(); i++) {
>                 // mapping could be .ibm.com = AUSTIN.IBM.COM
>                 if ((name.charAt(i) == '.') && (i != name.length() - 1)) {
>                     subname = name.substring(i);
>                     result = c.getDefault(subname, "domain_realm");
>                     if (result != null) {
>                         break;
>                     } else {
>                         // or mapping could be ibm.com = AUSTIN.IBM.COM
>                         subname = name.substring(i + 1);
>                         result = c.getDefault(subname, "domain_realm");
>                         if (result != null) {
>                             break;
>                         }
>                     }
>                 }
>             }
>         }
>     } catch (KrbException e) {
>         // configuration could not be read: fall through and return null
>     }
>     return result;
> }
> ----------------------------------------------------------------------------------------------------------------------------------------
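The lookup order described in the issue above, as an added example that is not part of the original message or of the HttpClient code base: it resolves a host to a realm from a `[domain_realm]` section held in a string and builds the SPN, using a plain map in place of the JDK-internal `Config` class. The class name, the sample configuration and the host names are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class SpnRealmExample {
    // Parse only the [domain_realm] section of krb5.conf-style text into a map.
    static Map<String, String> parseDomainRealm(String conf) {
        Map<String, String> map = new LinkedHashMap<>();
        boolean inSection = false;
        for (String raw : conf.split("\n")) {
            String line = raw.trim();
            if (line.startsWith("[")) inSection = line.equals("[domain_realm]");
            int eq = line.indexOf('=');
            if (inSection && eq > 0 && !line.startsWith("#")) {
                map.put(line.substring(0, eq).trim().toLowerCase(Locale.ROOT),
                        line.substring(eq + 1).trim());
            }
        }
        return map;
    }

    // Exact host first, then each parent domain as ".suffix" and as "suffix".
    static String mapDomainToRealm(Map<String, String> map, String host) {
        String name = host.toLowerCase(Locale.ROOT);
        String realm = map.get(name);
        for (int i = name.indexOf('.'); realm == null && i >= 0 && i < name.length() - 1;
                i = name.indexOf('.', i + 1)) {
            realm = map.get(name.substring(i));
            if (realm == null) realm = map.get(name.substring(i + 1));
        }
        return realm;
    }

    // No mapping: leave the realm off so GSS-API applies the default realm.
    static String servicePrincipal(Map<String, String> map, String host) {
        String realm = mapDomainToRealm(map, host);
        return "HTTP/" + host + (realm == null ? "" : "@" + realm);
    }

    public static void main(String[] args) {
        // Constructed sample configuration, not taken from the issue.
        String conf = "[libdefaults]\n default_realm = CORP.EXAMPLE\n"
                + "[domain_realm]\n .partner.example = PARTNER.EXAMPLE\n"
                + " intranet.corp.example = CORP.EXAMPLE\n";
        Map<String, String> map = parseDomainRealm(conf);
        System.out.println(servicePrincipal(map, "web.partner.example"));
        System.out.println(servicePrincipal(map, "intranet.corp.example"));
        System.out.println(servicePrincipal(map, "host.other.example"));
    }
}
```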