Bug 1186132
| Summary: | KDC IPv6 addresses are not supported in krb5.conf in OpenJDK 6 | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Josef Cacek <jcacek> |
| Component: | Security | Assignee: | Darran Lofthouse <darran.lofthouse> |
| Status: | CLOSED EOL | QA Contact: | Pavel Slavicek <pslavice> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4.0 | CC: | anmiller, bdawidow, pskopek |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1186129 | Environment: | |
| Last Closed: | 2019-08-19 12:48:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
If the KDC server hostname used in krb5.conf is defined as an IPv6 address, then the com.sun.security.auth.module.Krb5LoginModule fails because it wrongly parses the value. It uses only the part before the first colon as the hostname. For instance krb5.conf contains: [realms] JBOSS.ORG = { kdc = [2620:52:0:2804:5425:b1c4:c62d:82f4]:6088 } and the Krb5LoginModule tries to connect to a host "[2620". Exception stack trace: javax.security.auth.login.LoginException: [2620 at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:717) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:559) ...