Dear Yamanaka-san, Unfortunately, this patch does not work for me. The result is just the same as if I set useSubjectCredsOnly=false on the command line, that is:
java -Djavax.security.auth.useSubjectCredsOnly=false ... The error message is: java.lang.SecurityException: Unable to locate a login configuration Best regards. --- cllee This e-mail is classified as INTERNAL USE ONLY. -- Chia-Ling LEE IT Security Risk Management UBS AG, Stamford Branch 400 Atlantic St, Stamford, CT 06901 Tel: +1-(203)719-3486 E-mail: [EMAIL PROTECTED] Internet: www.ubs.com -----Original Message----- From: Atsuhiko Yamanaka [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 24, 2007 10:26 AM To: Lee, Chia-Ling Cc: [email protected] Subject: Re: [JSch-users] ANNOUNCE: JSch 0.1.35 Hi, +-From: <[EMAIL PROTECTED]> ---------- |_Date: Wed, 24 Oct 2007 10:07:42 -0400 __ | |For reasons of my own, I rather wait for 0.1.36 instead of patching |0.l.35. If you roll out 0.1.35, if it is possible, may I request that |the default PreferredAuthentications be set to |"publickey,keyboard-interactive,password" instead of |""gssapi-with-mic,publickey,keyboard-interactive,password"? That would |help remove the annoying messages in stderr. As for that annoying messages in stderr, may I ask you to try following patch? diff -Naur jsch-0.1.35/src/com/jcraft/jsch/jgss/GSSContextKrb5.java jsch-0.1.36/src/com/jcraft/jsch/jgss/GSSContextKrb5.java --- jsch-0.1.35/src/com/jcraft/jsch/jgss/GSSContextKrb5.java Sat Aug 11 12:54:14 2007 +++ jsch-0.1.36/src/com/jcraft/jsch/jgss/GSSContextKrb5.java Tue Oct 23 20:44:17 2007 @@ -42,6 +42,12 @@ import org.ietf.jgss.Oid; public class GSSContextKrb5 implements com.jcraft.jsch.GSSContext{ + + private static final String pUseSubjectCredsOnly = + "javax.security.auth.useSubjectCredsOnly"; + private static String useSubjectCredsOnly = + getSystemProperty(pUseSubjectCredsOnly); + private GSSContext context=null; public void create(String user, String host) throws JSchException{ try{ @@ -111,11 +117,24 @@ public byte[] init(byte[] token, int s, int l) throws JSchException { try{ + // Without setting "javax.security.auth.useSubjectCredsOnly" to "false", + // Sun's JVM for Un*x will show messages to stderr in + // processing context.initSecContext(). + // This hack is not thread safe ;-<. + // If that property is explicitly given, this hack must not be invoked. + if(useSubjectCredsOnly==null){ + setSystemProperty(pUseSubjectCredsOnly, "false"); + } return context.initSecContext(token, 0, l); } catch(GSSException ex){ throw new JSchException(ex.toString()); } + finally{ + if(useSubjectCredsOnly==null){ + setSystemProperty(pUseSubjectCredsOnly, "true"); + } + } } public byte[] getMIC(byte[] message, int s, int l){ @@ -135,4 +154,20 @@ catch(GSSException ex){ } } + + private static String getSystemProperty(String key){ + try{ return System.getProperty(key); } + catch(Exception e){ + // We are not allowed to get the System properties. + return null; + } + } + + // We may be not allowed to change the System properties. + private static void setSystemProperty(String key, String value){ + try{ System.setProperty(key, value); } + catch(Exception e){ + // We are not allowed to set the System properties. + } + } } Visit our website at http://www.ubs.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mails are not encrypted and cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ JSch-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jsch-users
