JDK-6355584 : introduce constrained Kerberos delegation
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7,8
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2005-11-26
  • Updated: 2017-05-16
  • Resolved: 2012-11-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8
8 b65Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
Relates :  
Description
If a service account is trusted for delegation, it can request
service tickets on behalf of an authenticated user to any other
service accounts.

Constrained delegation is a way to restrict the service accounts
for which service tickets can be obtained.  This seems a useful
feature to introduce.

See also: Comments section.

Comments
release note: scope: Java SE text: Protocol transition and constrained delegation support for Kerberos 5. Note it works on the same realm only in JDK 8.
11-12-2013