Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8250582

Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

    XMLWordPrintable

Details

    Backports

      Description

        In JDK-8215032 ("Support Kerberos cross-realm referrals (RFC 6806)") we changed the Principal Name type to NT-SRV-HST when requesting TGS Kerberos tickets. This change can be seen in CredentialsUtil::acquireServiceCreds method (sun/security/krb5/internal/CredentialsUtil.java file), which used to contain the line "PrincipalName sname = new PrincipalName(service);" (implicitly meaning an NT-UNKNOWN Service Name Principal) and now creates an instance of PrincipalName with a PrincipalName.KRB_NT_SRV_HST constructor argument.

        Even though real-case failures were not noticed as a result of this change, and RFC-4120 - Section 6.2 [1] makes us think that there shouldn't be, we will revert the change to the previous state.

        A future enhancement would be to change CredentialsUtil::acquireServiceCreds method signature to receive the Principal Name type by parameter. Krb5Context class, as a method's caller, would need to send the proper value obtained from the Krb5Context::peerName instance.

        --
        [1] - https://tools.ietf.org/html/rfc4120#section-6.2

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251391 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8252272 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8252579 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257313 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8261166 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8250966 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251040 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251404 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251429 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251433 Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            relates to

            Enhancement - null JDK-8215032 Support Kerberos cross-realm referrals (RFC 6806)

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Activity

              People

                mbalao Martin Balao
                mbalao Martin Balao
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: