  1. JDK
  2. JDK-6893158

AP_REQ check should use key version number (updated by 6907425)

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 7
    • 7
    • security-libs
    • None

      Description

        In Kerberos, a server side program saves long-term secret keys into a keytab file and uses it to authenticate AP_REQ messages sent by a client. The AP_REQ is encrypted by the KDC using a key stored in the KDC's database. The key is identified by an encryption type and a key version number so that the server can locate the correct key from the keytab. Currently, Java only uses the encryption type to search for the key. If there are multiple keys with the same etype for a given server, it's quite likely that a wrong key is returned. The result is that the AP_REQ message cannot be authenticated and a checksum error is thrown.
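
The lookup described above, as an added Java illustration (not JDK code and not from the bug report): an etype-only search beside a search on etype plus key version number, over a keytab that holds two keys of the same etype. `KeytabEntry`, `findByEtype`, `findByEtypeAndKvno`, the principal and the key strings are hypothetical or constructed, and falling back to the newest key when the kvno is absent is an assumption of this example.

```java
import java.util.*;

// Added illustration; KeytabEntry and both lookup methods are hypothetical names,
// not JDK classes. Key values are constructed placeholders.
public class KvnoLookupDemo {
    static final class KeytabEntry {
        final String principal; final int etype; final int kvno; final String key;
        KeytabEntry(String principal, int etype, int kvno, String key) {
            this.principal = principal; this.etype = etype; this.kvno = kvno; this.key = key;
        }
    }

    // Behaviour the report describes: the first entry with a matching etype wins.
    static KeytabEntry findByEtype(List<KeytabEntry> keytab, String principal, int etype) {
        for (KeytabEntry e : keytab)
            if (e.principal.equals(principal) && e.etype == etype) return e;
        return null;
    }

    // Lookup on (etype, kvno). kvno is OPTIONAL in EncryptedData (RFC 4120), so a
    // null kvno falls back to the newest key of that etype (assumption of this demo).
    static KeytabEntry findByEtypeAndKvno(List<KeytabEntry> keytab, String principal,
                                          int etype, Integer kvno) {
        KeytabEntry best = null;
        for (KeytabEntry e : keytab) {
            if (!e.principal.equals(principal) || e.etype != etype) continue;
            if (kvno != null) {
                if (e.kvno == kvno) return e;   // exact key version match
            } else if (best == null || e.kvno > best.kvno) {
                best = e;
            }
        }
        return best;   // null when the requested kvno is not in the keytab
    }

    public static void main(String[] args) {
        String svc = "host/server.example.com@EXAMPLE.COM";   // constructed principal
        int aes128 = 17;   // etype number of aes128-cts-hmac-sha1-96
        // Keytab after a key rotation: the old key (kvno 2) precedes the new one (kvno 3).
        List<KeytabEntry> keytab = Arrays.asList(
            new KeytabEntry(svc, aes128, 2, "old-key"),
            new KeytabEntry(svc, aes128, 3, "new-key"));
        // Suppose the ticket in the AP_REQ was encrypted under kvno 3.
        System.out.println("etype only : " + findByEtype(keytab, svc, aes128).key);
        System.out.println("etype+kvno : " + findByEtypeAndKvno(keytab, svc, aes128, 3).key);
        System.out.println("kvno absent: " + findByEtypeAndKvno(keytab, svc, aes128, null).key);
        System.out.println("kvno 9     : " + findByEtypeAndKvno(keytab, svc, aes128, 9));
    }
}
```

Returning no key for an unknown kvno lets the caller report a key version mismatch instead of attempting decryption with a different key and failing on the checksum.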

              People

                weijun Weijun Wang
                weijun Weijun Wang