Dear Yamanaka-san,
I am testing Jsch 0.1.35 on the command line and the test programs
generates a GSSException message everytime, even though the connection
is successful. For example,
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos Ticket)
at
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential
.java:133)
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFact
ory.java:72)
at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.jav
a:149)
at
sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:37)
at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96
)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
at com.jcraft.jsch.jgss.GSSContextKrb5.init(Unknown Source)
at com.jcraft.jsch.UserAuthGSSAPIWithMIC.start(Unknown Source)
at com.jcraft.jsch.Session.connect(Unknown Source)
at com.jcraft.jsch.Session.connect(Unknown Source)
I am not using Kerberos keytab but is testing using RSA key, DSA key and
password authentication. I have been running these tests since 0.1.20,
0.1.25, and 0.1.30, and they ran fine without unexpected error messages.
While it does not impede the capability of Jsch, it is very annoying to
see those messages. In reality, if there are no keys, Jsch automatically
tries the next authentication method, such as going on to passwords, and
no error message is generated. I would have thought that when there is
no Kerberos credential, it should also go to the next method silently.
Where Jsch is used for applications, it is even more desirable that such
messages not be generated.
Is there any easy way for those messages to be suppressed?
My own digging (1)
==================
Looking at the change log, I see that under "Changes since version
0.1.30:", it is stated that:
- feature: an option "PreferredAuthentications" is added.
The default value is
"gssapi-with-mic,publickey,keyboard-interactive,password".
That would make sense to me as the last version I tested was 0.1.30 and
that Change Log entry was meant for Jsch 0.1.31.
My own digging (2)
==================
One way is to modify the source code to not generate the GSSException
error warnings. I rather do that only as a last resort.
Another alternative is to put gssapi-with-mic at the back of that
PreferredAuthentications option, or take it out completely. However, I
tried generating the documentation using javadoc but there is no method
that sets PreferredAuthentications. I looked into the source code and it
appears that this is a configuration that is set in Jsch.java. There
appears to be no way to set this class variable apart from changing the
source code. Technically, that would be a change to the Jsch source as
well.
Hence the reason for this e-mail.
Sorry for the long explanation, but hopefully I have explained my
problem clearly.
Best regards.
--- cllee
This e-mail is classified as INTERNAL USE ONLY.
--
Chia-Ling LEE
IT Security Risk Management
UBS AG, Stamford Branch
400 Atlantic St, Stamford, CT 06901
Tel: +1-(203)719-3486
E-mail: [EMAIL PROTECTED]
Internet: www.ubs.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Atsuhiko
Yamanaka
Sent: Tuesday, October 16, 2007 3:57 AM
To: [email protected]
Subject: [JSch-users] ANNOUNCE: JSch 0.1.35
Hi there,
JSch 0.1.35 has been released.
It is available at
http://prdownloads.sourceforge.net/jsch/jsch-0.1.35.zip?download
and its md5sum is e796e751ed6c0b30ffdc766baca0ce65 And you can get its
byte code in jar file format at
http://prdownloads.sourceforge.net/jsch/jsch-0.1.35.jar?download
and its md5sum is c708dea101298fbdd1ad55765b435344 .
Changes since version 0.1.34:
- bugfix: the OutputStream from the channel may make the JVM
lockup in some case. FIXED.
There was a possibility that Channel#connect() may be failed
to initialize its internal without throwing the JSchException.
On such case, the write operation for OutputStream from
that channel will cause the system(JVM) to lock up.
- bugfix: ChannelSftp had problems filename globbing.
FIXED.
- bugfix: the message included in SSH_FXP_STATUS must be UTF-8.
FIXED.
- change: ChannelSftp supports the filename globbing for
the filename in multi-byte characters.
- change: ChannelSftp will internally handle filenames in UTF-8
encoding.
- feature: following methods have been added in ChannelSftp
String getServerVersion()
String getClientVersion()
void setFilenameEncoding(String encoding)
String getExtension(String key)
------------------------------------------------------------------------
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
Visit our website at http://www.ubs.com
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mails are not encrypted and cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the
contents of this message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version. This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities
or related financial instruments.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
