Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
7, 8
-
b65
-
generic
-
generic
-
Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8168922 | 7-pool | Ivan Gerasimov | P3 | Closed | Won't Fix |
Description
If a service account is trusted for delegation, it can request
service tickets on behalf of an authenticated user to any other
service accounts.
Constrained delegation is a way to restrict the service accounts
for which service tickets can be obtained. This seems a useful
feature to introduce.
See also: Comments section.
service tickets on behalf of an authenticated user to any other
service accounts.
Constrained delegation is a way to restrict the service accounts
for which service tickets can be obtained. This seems a useful
feature to introduce.
See also: Comments section.
Attachments
Issue Links
- backported by
-
JDK-8168922 introduce constrained Kerberos delegation
- Closed
- duplicates
-
JDK-7196902 GSSCredential doesn't return correct val for getRemainingLifetime() & getRemainingInitLifetime(oid)
- Closed
- relates to
-
JDK-6966259 should a principalname object always have a realm?
- Closed
-
JDK-8044215 Unable to initiate SpNego using a S4U2Proxy GSSCredential (Krb5ProxyCredential)
- Resolved
-
JDK-8046103 JEP 113: MS-SFU Kerberos 5 Extensions
- Closed