Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7110803 SASL service for multiple hostnames
  3. JDK-8001104

Unbound SASL service: the GSSAPI/krb5 mech

    XMLWordPrintable

Details

    Description

      Further enable unbound SASL for the GSSAPI/krb5 mech, so that the server can accept requests to any service that it has keys in its keytab.

      Precisely, in the main task, we can already create a GSSAPI SASL server with serverName == null, but the service principal is still a concrete value that must be provided by the underlying mechanism, in this case, the principal value in the JAAS login conf file. In this sub task, there is no need to specify this principal field anymore. The client can request for any service principal name, as long as the server can find keys for the service principal in its keytab file, the authentication can go on and the server acts as that principal.

      Attachments

        Issue Links

          Activity

            People

              weijun Weijun Wang
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: