- Sub-task
- Resolution: Delivered
- P4
- 8u271, 11.0.9-oracle, 15
- generic
- generic
- Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8252130 | 11.0.9-oracle | Clifford Wayne | P4 | Resolved | Delivered | |
JDK-8250993 | 8u271 | Clifford Wayne | P4 | Resolved | Delivered | |
The 'canonicalize' flag in the [krb5.conf file][1] is now supported by the JDK Kerberos implementation. When set to *true*, [RFC 6806][2] name canonicalization is requested by clients in TGT requests to KDC services (AS protocol). Otherwise, and by default, it is not requested.
The new default behavior is different from JDK 14 and previous releases where name canonicalization was always requested by clients in TGT requests to KDC services (provided that support for [RFC 6806][2] was not explicitly disabled with the *sun.security.krb5.disableReferrals* system or security properties).
[1]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
[2]: https://tools.ietf.org/html/rfc6806
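
An added example (not part of the release note or of the JDK sources): a Python audit helper that reads the `canonicalize` relation from `[libdefaults]` and reports whether moving from JDK 14 or earlier to a release covered by this note changes what the client requests. The function names, the constructed sample files, the accepted spellings of "true", and the treatment of `sun.security.krb5.disableReferrals` on the new releases are assumptions.

```python
import re

TRUE_WORDS = {"true", "yes"}   # assumption: spellings treated as boolean true

def libdefaults(conf_text):
    """Return the key/value relations found in the [libdefaults] section."""
    section, values = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()   # a repeated key overwrites
    return values

def canonicalize_flag(conf_text):
    """True only if [libdefaults] sets canonicalize to a true value."""
    return libdefaults(conf_text).get("canonicalize", "").lower() in TRUE_WORDS

def requests_canonicalization(conf_text, honors_flag, referrals_disabled=False):
    """Would the client ask for RFC 6806 canonicalization in its AS request?

    honors_flag=False models JDK 14 and earlier (always requested unless
    sun.security.krb5.disableReferrals is set); honors_flag=True models the
    releases in this note (requested only when canonicalize is true).
    """
    if referrals_disabled:
        return False   # assumption: the property still wins on new releases
    return canonicalize_flag(conf_text) if honors_flag else True

def upgrade_changes_behavior(conf_text, referrals_disabled=False):
    """True when moving to a flag-aware JDK silently drops the request."""
    before = requests_canonicalization(conf_text, False, referrals_disabled)
    after = requests_canonicalization(conf_text, True, referrals_disabled)
    return before != after

# Constructed sample files (realm and KDC names are placeholders).
LEGACY_CONF = """
[libdefaults]
    default_realm = EXAMPLE.TEST
# canonicalize = true
[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
    }
"""
OPTED_IN_CONF = LEGACY_CONF.replace("# canonicalize", "canonicalize")
```

A file for which `upgrade_changes_behavior` returns true is one where clients relied on the old always-on default and need `canonicalize = true` added to keep it.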
- backported by
  - JDK-8250993 Release Note: Support for canonicalize in krb5.conf (Resolved)
  - JDK-8252130 Release Note: Support for canonicalize in krb5.conf (Resolved)