Details
-
Type:
Enhancement
-
Status: Closed
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 7, 8
-
Fix Version/s: 8
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b65
-
CPU:generic
-
OS:generic
-
Verification:Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8168922 | 7-pool | Ivan Gerasimov | P3 | Closed | Won't Fix |
Description
If a service account is trusted for delegation, it can request
service tickets on behalf of an authenticated user to any other
service accounts.
Constrained delegation is a way to restrict the service accounts
for which service tickets can be obtained. This seems a useful
feature to introduce.
See also: Comments section.
service tickets on behalf of an authenticated user to any other
service accounts.
Constrained delegation is a way to restrict the service accounts
for which service tickets can be obtained. This seems a useful
feature to introduce.
See also: Comments section.
Attachments
Issue Links
- backported by
-
JDK-8168922 introduce constrained Kerberos delegation
-
- Closed
-
- duplicates
-
JDK-7196902 GSSCredential doesn't return correct val for getRemainingLifetime() & getRemainingInitLifetime(oid)
-
- Closed
-
- relates to
-
JDK-6966259 should a principalname object always have a realm?
-
- Closed
-
-
JDK-8044215 Unable to initiate SpNego using a S4U2Proxy GSSCredential (Krb5ProxyCredential)
-
- Resolved
-
-
JDK-8046103 JEP 113: MS-SFU Kerberos 5 Extensions
-
- Closed
-