From 1b258f0677166b375c3748a07f4518359b7d980e Mon Sep 17 00:00:00 2001
From: Geoffrey Thomas
Date: Mon, 8 Aug 2022 08:16:18 -0400
Subject: [PATCH] AuthGssApiWithMic: Use default client creds instead of remote username (#743)
Previously, AuthGssApiWithMic used params.getUsername() to create the local client credential object. However, at least when using the native GSS libraries (sun.security.jgss.native=true), the username would need to be something like "user@EXAMPLE.COM", not "user", or the library is unable to find credentials. Also, your remote username might not be your local username. Instead, and more simply, call the GSSManager#createCredential variant that just uses default credentials, which should handle both of these cases. Tested on Windows using SSPI. I haven't tested this patch on Linux but I have confirmed that this form of call to createCredential works as I expect when using the native GSS/Kerberos library there too.
Co-authored-by: Jeroen van Erp
---
.../net/schmizz/sshj/userauth/method/AuthGssApiWithMic.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AuthGssApiWithMic.java b/src/main/java/net/schmizz/sshj/userauth/method/AuthGssApiWithMic.java
index e9facf3f..48890e3d 100644
--- a/src/main/java/net/schmizz/sshj/userauth/method/AuthGssApiWithMic.java
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AuthGssApiWithMic.java
@@ -84,8 +84,7 @@ public class AuthGssApiWithMic
 @Override
 public GSSContext run() throws GSSException {
- GSSName clientName = manager.createName(params.getUsername(), GSSName.NT_USER_NAME);
- GSSCredential clientCreds = manager.createCredential(clientName, GSSContext.DEFAULT_LIFETIME, selectedOid, GSSCredential.INITIATE_ONLY);
+ GSSCredential clientCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
 GSSName peerName = manager.createName("host@" + params.getTransport().getRemoteHost(), GSSName.NT_HOSTBASED_SERVICE);
 GSSContext context = manager.createContext(peerName, selectedOid, clientCreds, GSSContext.DEFAULT_LIFETIME);
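Review bot: The new `createCredential(GSSCredential.INITIATE_ONLY)` call in run() no longer ties the credential to `selectedOid`, which the removed four-argument call did; the one-argument overload acquires default credentials for the provider's default mechanisms, while the context a few lines below is still created for `selectedOid`. Passing a null name keeps the default-principal behaviour this commit wants and preserves the mechanism binding: `manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, selectedOid, GSSCredential.INITIATE_ONLY);`. Since the Kerberos principal can now differ from `params.getUsername()`, a short comment saying so (and, if a logger is available in this class, a debug line with `clientCreds.getName()`) would help anyone auditing which identity was actually presented to the server. The body of run() continues past the hunk, so whether `clientCreds` is disposed afterwards is not visible here.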