-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
8u121
Kerberos application break when attempting to use multiple domains.
submitter info :
============
Breakpoint at:
sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:272)
on line : EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
shows that apReqMessg.ticket.sname=HTTP/xxx.oracle.com@DOWN.COM
but the encrypted key return is the one for
HTTP/xxx.oracle.com@UP.COM, even if finaltab contains keys for
both HTTP/xxx.oracle.com@UP.COM and
HTTP/xxx.oracle.com@DOWN.COM
With AES128, this keys differs since there is salt used. With RC4 the keys were the same, hence there was no exception.
submitter info :
============
Breakpoint at:
sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:272)
on line : EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
shows that apReqMessg.ticket.sname=HTTP/xxx.oracle.com@DOWN.COM
but the encrypted key return is the one for
HTTP/xxx.oracle.com@UP.COM, even if finaltab contains keys for
both HTTP/xxx.oracle.com@UP.COM and
HTTP/xxx.oracle.com@DOWN.COM
With AES128, this keys differs since there is salt used. With RC4 the keys were the same, hence there was no exception.