APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: Java callstack: <OSB>KRB_DBG_KDC<CSB> KRBError:main: error Message is Server not found in Kerberos database <OSB>KRB_DBG_KDC<CSB> KRBError:main: sname is cifs/your.host.name.here.com@HOME.HOME.ON.THE.RANGE.COM <OSB>KRB_DBG_KDC<CSB> KRBError:main: msgType is 30 com.ibm.security.krb5.KrbException, status code: 7 message: :cifs/your.host.name.here.com@HOME.HOME.ON.THE.RANGE.COM at com.ibm.security.krb5.KrbTgsRep.<init>(Unknown Source) at com.ibm.security.krb5.KrbTgsReq.getReply(Unknown Source) at com.ibm.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source) at com.ibm.security.krb5.internal.l.b(Unknown Source) at com.ibm.security.krb5.internal.l.a(Unknown Source) at com.ibm.security.krb5.Credentials.acquireServiceCreds(Unknown Source) at com.ibm.security.krb5.Credentials.acquireServiceCreds(Unknown Source) at com.ibm.security.jgss.mech.krb5.g.a(Unknown Source) at com.ibm.security.jgss.mech.krb5.g.initSecContext(Unknown Source) at com.ibm.security.jgss.mech.spnego.SPNEGOContext.a(Unknown Source) at com.ibm.security.jgss.mech.spnego.SPNEGOContext.initSecContext(U nknown Source) at com.ibm.security.jgss.GSSContextImpl.initSecContext(Unknown Source) at com.ibm.security.jgss.GSSContextImpl.initSecContext(Unknown Source) at com.hierynomus.smbj.auth.SpnegoAuthenticator.authenticateSession (SpnegoAuthenticator.java:88) at com.hierynomus.smbj.auth.SpnegoAuthenticator.access$000(SpnegoAu thenticator.java:38) at com.hierynomus.smbj.auth.SpnegoAuthenticator$1.run(SpnegoAuthent icator.java:64) at com.hierynomus.smbj.auth.SpnegoAuthenticator$1.run(SpnegoAuthent icator.java:62) at java.security.AccessController.doPrivileged(AccessController.jav a:770) at javax.security.auth.Subject.doAs(Subject.java:570) at com.hierynomus.smbj.auth.SpnegoAuthenticator.authenticate(Spnego Authenticator.java:62) at com.hierynomus.smbj.connection.Connection.processAuthenticationT oken(Connection.java:224) at com.hierynomus.smbj.connection.Connection.authenticate(Connectio n.java:180) at com.wallyworld.file.download.KerberosAuthenticationPMR.downloadF ilesUsingKBRAuth(KerberosAuthenticationPMR.java:97) at com.wallyworld.file.download.KerberosAuthenticationPMR.main(Kerb erosAuthenticationPMR.java:74) .
Local fix
N/A
Problem summary
The Krb5Name.getHostBasedNameString() method is incorrectly performing DNS lookup on host-based service, based on the "dns_lookup_realm=true" option. This results in an inappropriate mapping of the original Kerberos target SPN to a random non-Kerberos SPN, which is not registered with the KDC.
Problem conclusion
Per RFC 4102, removed the host-based service DNS lookup code from the Krb5Name.getHostBasedNameString() method. The files affected by this APAR are: ibmjgssprovider.jar (Java 7 & 7.1: build_20210405--70, Java 8: build_20210405--69). The associated Hursley RTC Problem Report is 145158. The associated Austin Git issue is Issue# 16 for IBMJGSS. The associated Austin APAR issue is IJ31054. The fix was delivered for: Java 7.0 SR10 FP90, Java 7.1 SR4 FP90, & Java 8.0 SR6 FP35. . This APAR will be fixed in the following Java Releases: 8 SR6 FP35 (8.0.6.35) 7 SR10 FP90 (7.0.10.90) 7 R1 SR4 FP90 (7.1.4.90) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ31990
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-04-06
Closed date
2021-04-09
Last modified date
2021-04-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
Document Information
Modified date:
10 April 2021