-
Type:
Bug
-
Resolution: Not an Issue
-
Priority:
P3
-
None
-
Affects Version/s: 8u121
-
Component/s: security-libs
Kerberos application break when attempting to use multiple domains.
submitter info :
============
Breakpoint at:
sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:272)
on line : EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
shows that apReqMessg.ticket.sname=HTTP/xxx.oracle.com@DOWN.COM
but the encrypted key return is the one for
HTTP/xxx.oracle.com@UP.COM, even if finaltab contains keys for
both HTTP/xxx.oracle.com@UP.COM and
HTTP/xxx.oracle.com@DOWN.COM
With AES128, this keys differs since there is salt used. With RC4 the keys were the same, hence there was no exception.
submitter info :
============
Breakpoint at:
sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:272)
on line : EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
shows that apReqMessg.ticket.sname=HTTP/xxx.oracle.com@DOWN.COM
but the encrypted key return is the one for
HTTP/xxx.oracle.com@UP.COM, even if finaltab contains keys for
both HTTP/xxx.oracle.com@UP.COM and
HTTP/xxx.oracle.com@DOWN.COM
With AES128, this keys differs since there is salt used. With RC4 the keys were the same, hence there was no exception.