[
https://issues.jboss.org/browse/SECURITY-772?page=com.atlassian.jira.plug...
]
RH Bugzilla Integration commented on SECURITY-772:
--------------------------------------------------
mark yarborough <myarboro(a)redhat.com> changed the Status of [bug 1039955|https://bugzilla.redhat.com/show_bug.cgi?id=1039955] from VERIFIED to CLOSED
SPNEGOLoginModule does not always respect removeRealmFromPrincipal
------------------------------------------------------------------
Key: SECURITY-772
URL: https://issues.jboss.org/browse/SECURITY-772
Project: PicketBox
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2_2_6
Reporter: Tom Fonteyne
Assignee: Tom Fonteyne
Priority: Minor
Fix For: Negotiation_2_2_7
org.jboss.security.negotiation.spnego.SPNEGOLoginModule
private class AcceptSecContext:

    if (gssContext.isEstablished())
    {
       log.warn("Authentication was performed despite already being authenticated!");
       // TODO - Refactor to only do this once.
       setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));

The last line should obey the "removeRealmFromPrincipal" flag, in the same way as a bit further down:

    setIdentity(createIdentity(gssContext.getSrcName().toString()));
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
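
The two code paths from the report, side by side, as an added example that is not PicketBox code or part of the original issue. The class name, the body of createIdentity(), the sample principal and the role map keyed by short name are all assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;

public class RealmStrippingDemo {
    // Mirrors the module option named in the report.
    static final boolean REMOVE_REALM_FROM_PRINCIPAL = true;

    // Hypothetical stand-in for createIdentity(): strips "@REALM" when the flag is set.
    static Principal createIdentity(String srcName) {
        int at = srcName.lastIndexOf('@');
        final String name = (REMOVE_REALM_FROM_PRINCIPAL && at > 0)
                ? srcName.substring(0, at)
                : srcName;
        return () -> name; // Principal has a single abstract method, getName()
    }

    // The path quoted in the report: the realm is kept regardless of the flag.
    static Principal alreadyEstablishedPath(String srcName) {
        return new KerberosPrincipal(srcName);
    }

    public static void main(String[] args) {
        // Constructed sample source name, as gssContext.getSrcName().toString() might return it.
        String srcName = "alice@EXAMPLE.COM";
        // Constructed role store keyed by the realm-less name (assumption).
        Map<String, Set<String>> roles = Map.of("alice", Set.of("admin"));

        Principal[] identities = {
            createIdentity(srcName),
            alreadyEstablishedPath(srcName)
        };
        for (Principal p : identities) {
            // The same user resolves to different names, so the second lookup finds no roles.
            System.out.printf("%-20s roles=%s%n",
                    p.getName(), roles.getOrDefault(p.getName(), Set.of()));
        }
    }
}
```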