APAR status
Closed as program error.
Error description
Error Message: Customer tried to perform Kerberos login with same credential. The first login passed, but second login failed with "Cannot find KDC" error. java.security.krb5.kdc and java.security.krb5.realm are set before the second login. . Stack Trace: org.ietf.jgss.GSSException, major code: 11, minor code: 0 major string: General failure, unspecified at GSSAPI level minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 60 message: Cannot find KDC for realm MODELERSSO.COM null com.ibm.security.krb5.KrbException, status code: 60 message: Cannot find KDC for realm MODELERSSO.COM at com.ibm.security.krb5.p.send(p.java:76) at com.ibm.security.krb5.KrbTgsReq.send(KrbTgsReq.java:124) at com.ibm.security.krb5.p.send(p.java:64) at com.ibm.security.krb5.KrbTgsReq.send(KrbTgsReq.java:120) . N/A
Local fix
1, remove the code to set java.security.krb5.kdc and java.security.krb5.realm before the second login. or 2, do not specify the Kerberos config file and set java.security.krb5.kdc and java.security.krb5.realm before the first login.
Problem summary
The problem is caused by a improper KDC search.
Problem conclusion
This defect will be fixed in the followig Java Releases: 7 SR6 FP1 (7.0.6.1) 7 R1 SR1 (7.1.1.0) 6 R1 SR7 FP1 (6.1.7.1) 6 SR15 FP1 (6.0.15.1) . Fixed the search order for KDC. The associated Hursley CMVC defect is 200563. The associated Austin CMVC defect is 114747. Platform affected: All platforms. JVMs affected: 6.0, 6.26, and 7.0. Jars affected: ibmjgssprovider.jar. The fix will be available in 160_SR15_FP1, 626_SR7_FP1, and 170_SR6_FP1. Build level is 20131113.
Temporary fix
Comments
APAR Information
APAR number
IV52151
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-11-15
Closed date
2013-11-25
Last modified date
2014-01-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 January 2014