Refresh javax.security.auth.login.Configuration
When I use GSSAPIBindRequest with a keytab file specified with the keyTabPath property of GSSAPIBindRequestProperties, I get the error "javax.security.auth.login.LoginException: No LoginModules configured for GSSAPIBindRequest".
2020-02-12 11:50:31.869 INFO 6757 --- [main] com.unboundid.ldap.sdk : level="INFO" threadID=1 threadName="main" ldapSDKVersion="4.0.14" revision="c0fb784eebf9d36a67c736d0428fb3577f2e25bb" connectedTo="some-dc:389" connectionID=0
2020-02-12 11:50:31.870 INFO 6757 --- [main] com.unboundid.ldap.sdk : level="INFO" threadID=1 threadName="main" ldapSDKVersion="4.0.14" revision="c0fb784eebf9d36a67c736d0428fb3577f2e25bb" message="Setting the SO_TIMEOUT value for connection LDAPConnection(not connected) to 300000ms."
2020-02-12 11:50:31.883 INFO 6757 --- [main] com.unboundid.ldap.sdk : level="CONFIG" threadID=1 threadName="main" ldapSDKVersion="4.0.14" revision="c0fb784eebf9d36a67c736d0428fb3577f2e25bb" message="Using config file property java.security.auth.login.config = '/tmp/GSSAPIBindRequest-JAAS-Config-8982342481995730504.conf'."
2020-02-12 11:50:31.884 INFO 6757 --- [main] com.unboundid.ldap.sdk : level="CONFIG" threadID=1 threadName="main" ldapSDKVersion="4.0.14" revision="c0fb784eebf9d36a67c736d0428fb3577f2e25bb" message="Using subject creds only property javax.security.auth.useSubjectCredsOnly = 'true'."
2020-02-12 11:50:31.884 INFO 6757 --- [main] com.unboundid.ldap.sdk : level="CONFIG" threadID=1 threadName="main" ldapSDKVersion="4.0.14" revision="c0fb784eebf9d36a67c736d0428fb3577f2e25bb" message="Using kdcAddress property java.security.krb5.kdc = 'some-dc'."
2020-02-12 11:50:31.884 INFO 6757 --- [main] com.unboundid.ldap.sdk : level="CONFIG" threadID=1 threadName="main" ldapSDKVersion="4.0.14" revision="c0fb784eebf9d36a67c736d0428fb3577f2e25bb" message="Using realm property java.security.krb5.realm = 'some-domain'."
javax.security.auth.login.LoginException: No LoginModules configured for GSSAPIBindRequest
    at javax.security.auth.login.LoginContext.init(LoginContext.java:264)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:417)
    at com.unboundid.ldap.sdk.GSSAPIBindRequest.process(GSSAPIBindRequest.java:1260)
    at com.unboundid.ldap.sdk.LDAPConnection.processBindOperation(LDAPConnection.java:4385)
    at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2296)
    at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1352)
    at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1256)
    at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:1197)
    at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:1050)
The problem is the empty config in javax.security.auth.login.LoginContext. The empty configuration was loaded in sun.security.provider.ConfigFile before the system property java.security.auth.login.config had been set in GSSAPIBindRequest.
Therefore, when System.getProperty("java.security.auth.login.config") is called in ConfigFile, we get a null value, i.e. no configuration file.
I can add Configuration.setConfiguration(null) after new GSSAPIBindRequest(properties), but calling Configuration.getConfiguration().refresh() inside GSSAPIBindRequest before the LoginContext is created would be preferable.
I tested both solutions and both work fine. I would appreciate it if you added an update of the configuration in GSSAPIBindRequest.
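The caching behaviour described in the report above can be reproduced without the LDAP SDK. This is an added example, not code from the report or from the SDK; the class name JaasRefreshDemo, the keytab path and the principal are placeholders, and it assumes the JDK's default file-based Configuration provider with no login configuration supplied on the command line or in the user's home directory.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasRefreshDemo {
    static final String NAME = "GSSAPIBindRequest"; // entry name from the error message
    static final String PROP = "java.security.auth.login.config";

    // Describe what the installed JVM-wide Configuration currently holds for NAME.
    static String lookup() {
        AppConfigurationEntry[] e =
            Configuration.getConfiguration().getAppConfigurationEntry(NAME);
        return (e == null || e.length == 0)
            ? "no LoginModules configured"
            : e[0].getLoginModuleName() + " " + e[0].getOptions();
    }

    public static void main(String[] args) throws Exception {
        // 1. Some earlier code touches JAAS. The provider reads its sources
        //    now, finds none, and the empty result is cached.
        Configuration.getConfiguration();

        // 2. Later a config file is written and the system property is set,
        //    as in the CONFIG log line above. Constructed sample content;
        //    keytab path and principal are placeholders.
        Path conf = Files.createTempFile("demo-jaas-", ".conf");
        conf.toFile().deleteOnExit();
        String body = NAME + " {\n"
            + "  com.sun.security.auth.module.Krb5LoginModule required\n"
            + "  useKeyTab=true keyTab=\"/path/to/placeholder.keytab\"\n"
            + "  principal=\"user@EXAMPLE.COM\";\n"
            + "};\n";
        Files.write(conf, body.getBytes(StandardCharsets.UTF_8));
        System.setProperty(PROP, conf.toString());

        // 3. The cached object never looked at the property, so a
        //    LoginContext created now would fail as in the stack trace.
        System.out.println("cached config:   " + lookup());

        // 4. refresh() makes the provider re-read the property and the file.
        //    Configuration.setConfiguration(null) has the same effect on the
        //    next getConfiguration() call, which builds a new instance.
        Configuration.getConfiguration().refresh();
        System.out.println("after refresh(): " + lookup());
    }
}
```

The Configuration object is shared by the whole JVM, so refresh() re-reads the sources for every JAAS consumer in the process, not only for the bind request.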
I've just committed an update to the GSSAPIBindRequest class that refreshes the configuration before creating the LoginContext. Could you please test it and verify that it works as expected in your environment?
Thank you, I will test it as soon as possible. At first glance everything looks ok.
It works fine. I am looking forward to the next release.
The 5.0.0 release of the LDAP SDK is now available and includes the fix for this issue.