Name: nt126004 Date: 01/24/2002


FULL PRODUCT VERSION :
java version "1.4.0-beta3"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta3-b84)
Java HotSpot(TM) Client VM (build 1.4.0-beta3-b84, mixed mode)


FULL OPERATING SYSTEM VERSION :
Microsoft Windows 2000 [Version 5.00.2195]

ADDITIONAL OPERATING SYSTEMS :
All other OSs also effected


A DESCRIPTION OF THE PROBLEM :
The following settings may be used in the [libdefaults]
section of JRE 1.4.0 beta3's krb5.conf. Some are quite
important. Notably, Kerberos credential delegation is
impossible without setting "forwardable = true". (Unless
you use this setting, the credentials you get from using
LoginContext.login() won't be forwardable. As a result
your credentials won't be forwarded when you call
GSSContext.initSecContext(), even if you call
GSSContext.requestCredDeleg(true) first.)

forwardable = [true or false]
renewable = [true or false]
proxiable = [true or false]
kdc_default_options = [integer]

All of these should be properly documented. They are read
in method void c() of sun.security.krb5.internal.q (as can
be seen by using javap to convert this rt.jar class file to
human-readable byte-code).



This bug can be reproduced always.
(Review ID: 138438)
======================================================================