Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8331975 Enable case-sensitive check in ccache and keytab entry lookup
  3. JDK-8332653

Release Note: Enable Case-Sensitive Check in `ccache` and `keytab` Kerberos Entry Lookup

    XMLWordPrintable

Details

    Description

      When looking up a `keytab` or `credentials cache (ccache)` entry for a Kerberos principal, the principal name is compared with the entry name in a case-insensitive manner. However, many Kerberos implementations treat principal names as case-sensitive. As a result, if two principals have names that differ only by case, there is a risk of selecting the incorrect `keytab` or `ccache` entry.

      A new security property named `jdk.security.krb5.name.case.sensitive` is introduced to control name comparison. If this property is set to "true", the comparison of principal names during `keytab` and `ccache` entry lookup will be case-sensitive. The default value is "false" to ensure backward compatibility.

      In addition, if a system property with the same name is specified, it will override the security property value defined in the `java.security` file.

      See [Kerberos System Properties, Security Properties, and Environment Variables](https://docs.oracle.com/en/java/javase/23/security/kerberos-system-properties-security-properties-and-environment-variables.html).

      Attachments

        Activity

          People

            weijun Weijun Wang
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: