'Krb5LoginModule: What is the cause of unexpected logout?

I am using JAAS to configure Kerberos authentication that uses com.sun.security.auth.module.Krb5LoginModule. The debug flag is enabled on each JAAS profile.

Also, these three JVM args are set:

-Dsun.security.krb5.debug=true
-Dsun.security.jgss.debug=true
-Dsun.security.spnego.debug=true

Roughly speaking, this is a pretty vanilla Spring Boot project that uses Kerberos to authenticate with other external services.

I was surprised in the middle of the day to see these logs: (some stuff censored)

sun.security.jgss.krb5.Krb5Context       : Krb5Context.wrap: data=[...]
sun.security.jgss.krb5.Krb5Context       : Krb5Context.wrap: token=[...]
c.s.s.auth.module.Krb5LoginModule        :           [Krb5LoginModule]: Entering logout
c.s.s.auth.module.Krb5LoginModule        :           [Krb5LoginModule]: logged out Subject
c.s.s.auth.module.Krb5LoginModule        : Debug is  true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /path/to/my.keytab refreshKrb5Config is false principal is username@REALM tryFirstPass is false useFirstPass is false storePass is false clearPass is false

Looking at the source code for class Krb5LoginModule, I found this logging comes from method logout(). The only caller I can find is abort() from same class. Then, I cannot find any callers for abort().

Who called logout() and why? (To be clear, there is nothing explicit in my code that calls logout()!)

Also, the last line (#5) in my log snip above comes from initialize(). So I guess re-init happened immediately following a "micro-outage" during Kerberos authentication?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source

'Krb5LoginModule: What is the cause of unexpected logout?

Sources

Related Questions