-
Sub-task
-
Resolution: Delivered
-
P4
-
8u271, 11.0.9-oracle, 13
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8253193 | 11.0.9-oracle | Clifford Wayne | P4 | Resolved | Delivered | |
JDK-8250987 | 8u271 | Clifford Wayne | P4 | Closed | Delivered |
The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension.
As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).
Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the `sun.security.krb5.disableReferrals` security or system property to false. To configure a custom maximum number of referral hops, set the `sun.security.krb5.maxReferrals` security or system property to any positive value.
See further information inJDK-8223172.
As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).
Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the `sun.security.krb5.disableReferrals` security or system property to false. To configure a custom maximum number of referral hops, set the `sun.security.krb5.maxReferrals` security or system property to any positive value.
See further information in
- backported by
-
JDK-8253193 Release Note: Support for Kerberos Cross-Realm Referrals (RFC 6806)
- Resolved
-
JDK-8250987 Release Note: Support for Kerberos Cross-Realm Referrals (RFC 6806)
- Closed