Hi,
FWIW, I've already file a bug report with Apple for this, but maybe you can help me. We have a program that authenticates against Active Directory using Krb5LoginModule. It's been working for years under Mac OS X, Windows, Linux and FreeBSD, but under Snow Leopard (Mac OS X 10.6), using JRE 1.6.0_15 it fails with the following stack trace:
09:16:36,451 ERROR LoginDialog:225 - Password check failed: java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:214)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:191)
at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:159)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:665)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at de.unikoeln.rrz.uklanadmin.services.LoginService.checkPassword(LoginService.java:47)
I've read the source and found that pre-auth works. Actually that's all we care about, we don't need the keys at all! But this call in Krb5LoginModule fails:
// update keys after pre-auth
encKeys = EncryptionKey.acquireSecretKeys(
password, principal.getSalt());
Please refer to http://openradar.appspot.com/radar?id=76405 for more details.