-
Type:
Enhancement
-
Resolution: Won't Fix
-
Priority:
P3
-
None
-
Affects Version/s: None
-
Component/s: security-libs
-
None
-
generic
-
generic
In order to get a service ticket, we need to send a TGS_REQ to KDC which is encrypted with the session key from the TGT. In recent versions of Windows, the session key in TGT is disabled by default (etype = 0), a registry key must be set to get it enabled. This RFE uses a native Win API to retrieve the service ticket without the registry setting.
See http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
In Vista, when a user is in the local admin group, even if (s)he tries to add the allowtgtsessionkey registry entry and change the etype to non-zero, the key bytes are still zeroes. In this case, there's no workaround.
See http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
In Vista, when a user is in the local admin group, even if (s)he tries to add the allowtgtsessionkey registry entry and change the etype to non-zero, the key bytes are still zeroes. In this case, there's no workaround.
- duplicates
-
JDK-8149900 Kerberos native credentials
-
- Closed
-
- relates to
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-