[OpenAFS] Windows Java Kerberos 5 implementation

John Tang Boyland boyland@uwm.edu
Mon, 24 Sep 2012 19:46:42 -0500

Dear OpenAFS community,
   This semester I have had a number of students who have problems
to do with kinit.  Sometimes, even after installing KfW, 
they have the following interaction:

     Password for XXX@CS.UWM.EDU:
     Exception: krb_error 0 Cannot locate default realm No error
     KrbException: Cannot locate default realm
             at sun.security.krb5.PrincipalName.<init>(PrincipalName.java:373)
             at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:209)
             at ...

So it seems that someone (the default JDK installation?)
installs a (non-working?) "kinit" command that sometimes
is higher in the path than where Heimdahl/MIT KfW installs.
(I once had someone go into the correct Heimdahl directory
and then they were able to run the correct binary.)

So, three questions:
(1) Is this Java "kinit" really that broken?
	(Why does it need a default realm if the principal includes the realm?)
(2) If so, how can we prevent it from causing things to fail?
(3) If not, can we somehow leverage it in the same way we leverage
    "kinit" on MacOSX ?

I have students use kinit since NIM is fragile: sometimes
my students can't get any of the plugins to work (not even Krb5)
and NIM is useless, and since I don't have time to debug NIM,
I have them use "kinit" at the command prompt.  It may be
my bias toward the command line is showing.

Best regards,