CODEWITHSUNDEEP
javakerberosjaasjava-7
RAY
RAY

Reputation: 7110

Credentials.acquireTGTFromCache(null, null) returns null using jre 7

I'm admittedly unfamiliar with the JAAS API, but need to help out with investigation with a problem we encountered while upgrading to jre 7. Apps that used to be able to auto-login using the currently logged on Windows users name stops working. After some poking around, it comes to this line of code.

sun.security.krb5.Credentials.Credentials.acquireTGTFromCache(null, null);

This returns null when using a jre 7 jvm, but returns the correct crendentials when using jre 6. I wrote a test class in its simplest form and still see the same behavior, so it cannot have been due to the code in our own classes. 

package test;

import sun.security.krb5.Credentials;

public class Scratch {
    public static void main(final String args[]) throws Exception {
        final Credentials yaoza = Credentials.acquireTGTFromCache(null, null);
        System.out.println(yaoza);
    }
}

Could this be some kind of configuration problems? Any answer or a pointer to the right direction would be greatly appreciated. Thank you!

Upvotes: 3

Views: 628

Answers (1)

Michael Bosworth
Michael Bosworth

Reputation: 2183

In the Windows registry, here: 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

There apparently should be the following key: 

allowtgtsessionkey REG_DWORD (1)

...according to somebody in this thread: https://forums.oracle.com/forums/thread.jspa?threadID=2343216

As mentioned there, it might have been a bug in JDK6 that this was working in the first place.

Upvotes: 1

Related Questions