APAR status
Closed as program error.
Error description
Error Message: Application failed after upgrading to Java7 SR3 . Stack Trace: Application failed after upgrading to Java7 SR3: java.lang.Exception: No credential at com.ibm.security.jgss.i18n.I18NException.throwException(I18NExce ption.java:49) at com.ibm.security.krb5.internal.TgsCredentials.acquireSvcCreds(Tg sCredentials.java:582) at com.ibm.security.krb5.Credentials.acquireSvcCreds(Credentials.ja va:1602) at com.ibm.security.jgss.mech.krb5.Krb5Context.initSecContext(Krb5C ontext.java:460) at com.ibm.security.jgss.mech.krb5.Krb5Context.initSecContext(Krb5C ontext.java:805) at com.ibm.security.jgss.mech.spnego.SPNEGOContext.createInitToken( SPNEGOContext.java:1146) at com.ibm.security.jgss.mech.spnego.SPNEGOContext.initSecContext(S PNEGOContext.java:529) at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextIm pl.java:382) at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextIm pl.java:331) . Java7 GA works.
Local fix
Problem summary
This issue was introduced by Austin CMVC defect 116871, which makes a canolicalizatoin call when creating a GSSNameImpl instance. This C14N call converts service name from service@server.fqdn to service/server.fqdn@REALM format before initiating the context. During initiation, another C14N is applied on the standard SPN and results in a bad SPN. The later C14N turns out to be unnecessary if the service name is already a standard SPN.
Problem conclusion
Check if the service name is a standard SPN. If the service name is a standard SPN, no C14N is applied. The corresponding Austin defect is 117151. The corresponding RTC Problem Report is 107257. Platform affected: All platforms. JVMs affected: 6.0, 6.26, 7.0, 7.27, and 8.0. Jars affected: ibmjgssprovider.jar. The fix will be available in 160_SR16_FP25, 626_SR8_FP25, 170_SR9_FP40, 727_SR3_FP40, 180_SR3. Build level is 20160202. . This APAR will be fixed in the following Java Releases: 7 SR9 FP40 (7.0.9.40) 7 R1 SR3 FP40 (7.1.3.40) 8 SR3 (8.0.3.0) 6 R1 SR8 FP25 (6.1.8.25) 6 SR16 FP25 (6.0.16.25) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV81082
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-02-02
Closed date
2016-02-04
Last modified date
2016-02-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R270 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020