JDK-8131051

KDC might issue a renewable ticket even if not requested


    • Type: Bug
    • Resolution: Fixed
    • Priority: P3
    • 9
    • None
    • security-libs

        Java compares the renewable flag in the request and the reply and throws an exception if they are not the same, but this might not always be correct. If the client requests a ticket with a ticket_lifetime that the KDC considers too long, the KDC (for example, the one in MIT krb5) might issue a ticket with a shorter ticket_lifetime but make it renewable, with a renew_lifetime equal to the requested ticket_lifetime.

        Before JDK 9, Java did not allow setting ticket_lifetime, so the KDC always issued a ticket with a default lifetime and the above did not happen. Since JDK 9, setting it is allowed and will trigger this error.
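
        The mismatch described above, as an added Java sketch (not code from the JDK or from this report): `kdcIssue` models the KDC behaviour the report describes, `strictCheck` models the flag comparison, and `tolerantCheck` is one possible relaxed check. All class, record and method names and the 24-hour maximum lifetime are assumptions made for illustration.

```java
import java.time.Duration;

public class RenewableFlagCheck {
    // Hypothetical minimal models of a ticket request and the matching reply.
    record Request(boolean renewable, Duration lifetime) {}
    record Reply(boolean renewable, Duration lifetime, Duration renewLifetime) {}

    // Constructed KDC policy: longest lifetime allowed for a single ticket.
    static final Duration MAX_LIFE = Duration.ofHours(24);

    // KDC behaviour from the report: an over-long lifetime is shortened, and the
    // ticket is made renewable up to the lifetime that was originally requested.
    static Reply kdcIssue(Request req) {
        if (req.lifetime().compareTo(MAX_LIFE) > 0) {
            return new Reply(true, MAX_LIFE, req.lifetime());
        }
        return new Reply(req.renewable(), req.lifetime(),
                req.renewable() ? req.lifetime() : Duration.ZERO);
    }

    // Strict check: the renewable flag in request and reply must be identical.
    static boolean strictCheck(Request req, Reply rep) {
        return req.renewable() == rep.renewable();
    }

    // Tolerant check (an assumption, not the JDK's fix): reject only when a
    // renewable ticket was requested and the reply is not renewable.
    static boolean tolerantCheck(Request req, Reply rep) {
        return !req.renewable() || rep.renewable();
    }

    public static void main(String[] args) {
        Request[] cases = {
            new Request(false, Duration.ofHours(10)), // within policy
            new Request(false, Duration.ofDays(7)),   // too long, renewable not requested
            new Request(true, Duration.ofHours(10)),  // renewable requested
        };
        for (Request req : cases) {
            Reply rep = kdcIssue(req);
            System.out.printf("req=%s%n  rep=%s%n  strict=%b tolerant=%b%n",
                    req, rep, strictCheck(req, rep), tolerantCheck(req, rep));
        }
    }
}
```

        Only the second case separates the two checks: the reply carries a renewable flag the client never asked for, so the strict comparison rejects a ticket the KDC issued legitimately.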

              weijun Weijun Wang