      Description

        The 'canonicalize' flag in the [krb5.conf file][1] is now supported by the JDK Kerberos implementation. When set to *true*, [RFC 6806][2] name canonicalization is requested by clients in TGT requests to KDC services (AS protocol). Otherwise, and by default, it is not requested.

        The new default behavior is different from JDK 14 and previous releases where name canonicalization was always requested by clients in TGT requests to KDC services (provided that support for [RFC 6806][2] was not explicitly disabled with the *sun.security.krb5.disableReferrals* system or security properties).
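
For deployments that relied on the earlier behavior, the opt-in looks like the fragment below. This is an added example, not part of the original release note; the `[libdefaults]` placement follows the MIT krb5.conf documentation that the note links to, and the realm name is a placeholder.

```ini
# krb5.conf (constructed example; EXAMPLE.COM is a placeholder realm)
[libdefaults]
    default_realm = EXAMPLE.COM

    # Unset or false (the default described in this note): the client does
    # not request RFC 6806 name canonicalization in its AS request for a TGT.
    # true: canonicalization is requested, as JDK 14 and earlier always did
    # unless sun.security.krb5.disableReferrals was set.
    canonicalize = true
```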

        [1]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
        [2]: https://tools.ietf.org/html/rfc6806

              People

                mbalao Martin Balao