APAR status
Closed as program error.
Error description
Error Message: If SASL/JGSS server/client sets its maximum receive buffer size to 0 which causes the maximum receive buffer size to be less than the computed size of mechanism token, JGSS should allow it and don't throw exception. . Stack Trace: WARNING: emptying DBPortPool to ldaptest.10gen.cc/54.225.191.151:27017 b/c of errorcom.mongodb.MongoException$Network: IOException authenticating the connectionat com.mongodb.DBPort$SaslAuthenticator.authenticate(DBPort.java:50 4)at com.mongodb.DBPort.authenticate(DBPort.java:322)at com.mongodb.DBPort.checkAuth(DBPort.java:333)at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:243)at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:216)at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:288)a t com.mongodb.DB.command(DB.java:262)at com.mongodb.DB.command(DB.java:244)at com.mongodb.DBCollection.getCount(DBCollection.java:985)at com.mongodb.DBCollection.getCount(DBCollection.java:956)at com.mongodb.DBCollection.getCount(DBCollection.java:931)at com.mongodb.DBCollection.count(DBCollection.java:868)at JAASLogin$2.run(JAASLogin.java:88)at JAASLogin$2.run(JAASLogin.java:84)at java.security.AccessController.doPrivileged(AccessController.jav a:366)at javax.security.auth.Subject.doAs(Subject.java:572)at JAASLogin.main(JAASLogin.java:83)Caused by: javax.security.sasl.SaslException: Final handshake failed <OSB>Caused by org.ietf.jgss.GSSException, major code: 11, minor code: 0major string: General failure, unspecified at GSSAPI levelminor string: Input max size 0 less than computed required size 53<CSB>at com.ibm.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(Gss Krb5Client.java:309)at com.ibm.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Gs sKrb5Client.java:168)at com.mongodb.DBPort$SaslAuthenticator.authenticate(DBPort.java:49 3)... 16 moreCaused by: org.ietf.jgss.GSSException, major code: 11, minor code: 0major string: General failure, unspecified at GSSAPI levelminor string: Input max size 0 less than computed required size 53at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NE xception.java:30)at com.ibm.security.jgss.GSSContextImpl.getWrapSizeLimit(GSSContext Impl.java:98)at com.ibm.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(Gss Krb5Client.java:254)... 18 more .
Local fix
Problem summary
IBM's implementation doesn't allow the maximum receive buffer size to be less than the computed size of mechanism token used by SASL server/client.
Problem conclusion
This APAR will be fixed in the following Java Releases: 7 R1 SR2 (7.1.2.0) 5.0 SR16 FP7 (5.0.16.7) 6 R1 SR9 (6.1.9.0) 7 SR8 (7.0.8.0) 6 SR17 (6.0.17.0) . Allow the maximum receive buffer size to be less than the computed size of mechanism token used by SASL server/client.The associated Austin CMVC defect is 115455.The associated Hursley CMVC defect is 202255.The associated RTC Problem Report is 64876.Platform affected: All platforms.JVMs affected: 5.0, 6.0, 6.26, 7.0, 7.27.Jars affected: ibmjgssprovider.jar.The fix will be available in 150_SR16_FP7, 160_SR17, 626_SR9, 170_SR8, 727_SR2.Build level is 20140507b.
Temporary fix
Comments
APAR Information
APAR number
IV60516
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-05-14
Closed date
2014-05-20
Last modified date
2014-05-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020