> JGSS is implemented in the JVM in 2 levels: the standard Java security > provider for Kerberos in sun.security.jgss.krb5.Krb5MechFactory and the JAAS > login module for Kerberos in com.sun.security.auth.module.Krb5LoginModule. > The problem is that in this hierarchy, the login module doesn't go through > the provider, but tries to read the credential cache (which is blocked by the > credential guard in Win platform). This is not an issue if Kerberos is used > via the JGSS API because it automatically does the JAAS login as needed, and > won't do it at all if a native implementation is used. However many libraries > (even some built-in ones in the JVM) still needlessly call login() before > using JGSS. > > This patch represents the configuration option ( `“doNotLogin”` ) to allow > skipping the login, with a system property (`“sun.security.auth.skipLogin”`) > to set the default value if this option is not provided. This way it would > not break the regular Java Kerberos provider and allow users to both > individually (via JAAS configs) and globally (via the property) set the > expected behavior
Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision: Rename system property ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15254/files - new: https://git.openjdk.org/jdk/pull/15254/files/7bf8ec45..efc7d7f1 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15254&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15254&range=00-01 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/15254.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15254/head:pull/15254 PR: https://git.openjdk.org/jdk/pull/15254
