Dear All,

I am wondering if someone would be kind enough to sponsor the following
small change:

When debugging is enabled for com.sun.security.auth.module.Krb5LoginModule
and the file specified by "keyTab" is not found, Krb5LoginModule simply
emits a generic message, similar to this:
"Key for the principal foo...@acme.com not available in
/home/foobar/foobar.keytab"

This message can be quite confusing and counterintuitive if the file is
actually not there, because, based on the message, one would think that the
JVM probed the file, found it, loaded the data, but still could not use the
keytab data.

I would propose adding further debug logging to Krb5LoginModule so as to
emit a warning in case the key was not found, due to the file not being
present, readable or being a directory.

Please find attached the patch file: it is trivial, and only affects a
debug branch of the code.

Please let me know what you think.

Thanks,
Peter
Index: src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	(revision d06d0b9e9d9d27aa549455f19b9803752431bcbb)
+++ src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	(date 1629040023390)
@@ -732,6 +732,23 @@
                                      " not available in " +
                                      ((keyTabName == null) ?
                                       "default key tab" : keyTabName));
+
+                                if (keyTabName != null) {
+                                    File keyTabFile = new File(keyTabName);
+                                    try {
+                                        if (!keyTabFile.exists()) {
+                                            System.out.println("WARNING: keyTab file does not exist: " + keyTabName);
+                                        }
+                                        if (!keyTabFile.canRead()) {
+                                            System.out.println("WARNING: keyTab file cannot be read: " + keyTabName);
+                                        }
+                                        if (!keyTabFile.isFile()) {
+                                            System.out.println("WARNING: keyTab file is not a file: " + keyTabName);
+                                        }
+                                    } catch (SecurityException ignoredSecurityException) {
+                                        // do nothing if security manager rejects the check
+                                    }
+                                }
                             }
                         }
                     }
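Review bot: The three checks on keyTabFile are independent `if` statements, so a keytab that does not exist prints all three warnings, because exists(), canRead() and isFile() each return false for a missing path. That repeats the ambiguity the change sets out to remove. Chain them as `if (!keyTabFile.exists()) {...} else if (!keyTabFile.isFile()) {...} else if (!keyTabFile.canRead()) {...}` so that exactly one cause is reported. The patch also has only this one hunk and uses `File` unqualified, so please confirm java.io.File is already imported in Krb5LoginModule.java. The new lines with the println calls are noticeably longer than the surrounding context lines and could be wrapped the same way the existing message is.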
