Details
-
Sub-task
-
Resolution: Delivered
-
P4
-
23
Description
When looking up a `keytab` or `credentials cache (ccache)` entry for a Kerberos principal, the principal name is compared with the entry name in a case-insensitive manner. However, many Kerberos implementations treat principal names as case-sensitive. As a result, if two principals have names that differ only by case, there is a risk of selecting the incorrect `keytab` or `ccache` entry.
A new security property named `jdk.security.krb5.name.case.sensitive` is introduced to control name comparison. If this property is set to "true", the comparison of principal names during `keytab` and `ccache` entry lookup will be case-sensitive. The default value is "false" to ensure backward compatibility.
In addition, if a system property with the same name is specified, it will override the security property value defined in the `java.security` file.
See [Kerberos System Properties, Security Properties, and Environment Variables](https://docs.oracle.com/en/java/javase/23/security/kerberos-system-properties-security-properties-and-environment-variables.html).
A new security property named `jdk.security.krb5.name.case.sensitive` is introduced to control name comparison. If this property is set to "true", the comparison of principal names during `keytab` and `ccache` entry lookup will be case-sensitive. The default value is "false" to ensure backward compatibility.
In addition, if a system property with the same name is specified, it will override the security property value defined in the `java.security` file.
See [Kerberos System Properties, Security Properties, and Environment Variables](https://docs.oracle.com/en/java/javase/23/security/kerberos-system-properties-security-properties-and-environment-variables.html).