Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8131051

KDC might issue a renewable ticket even if not requested

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • P3
    • Resolution: Fixed
    • None
    • 9
    • security-libs

    Backports

      Description

        Java compares the renewable flag in the request and reply and throw an exception if they are not the same, but this might not always be correct. If the client requests for a ticket with a ticket_lifetime that the KDC considers too long, it (For example, the one in MIT krb5) might issue a ticket with a shorter ticket_lifetime but makes it renewable with a renew_lifetime that is equal to the ticket_lifetime request.

        Before jdk9, java does not allow setting ticket_lifetime and the KDC will always issue a ticket with a default lifetime and the above will not happen. After jdk9, this is allowed and will trigger this error.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8136000 KDC might issue a renewable ticket even if not requested

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8210937 KDC might issue a renewable ticket even if not requested

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8211082 KDC might issue a renewable ticket even if not requested

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8214657 KDC might issue a renewable ticket even if not requested

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8221003 KDC might issue a renewable ticket even if not requested

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8240044 KDC might issue a renewable ticket even if not requested

            • P3 - Major loss of function.
            • Resolved
            relates to

            Enhancement - null JDK-8044500 Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: