United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6355584 : introduce constrained Kerberos delegation

Details
Type:
Enhancement
Submit Date:
2005-11-26
Status:
Closed
Updated Date:
2014-06-06
Project Name:
JDK
Resolved Date:
2012-11-07
Component:
security-libs
OS:
generic
Sub-Component:
java.security
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
7,8
Fixed Versions:

Related Reports
Duplicate:
Relates:

Sub Tasks

Description
If a service account is trusted for delegation, it can request
service tickets on behalf of an authenticated user to any other
service accounts.

Constrained delegation is a way to restrict the service accounts
for which service tickets can be obtained.  This seems a useful
feature to introduce.

See also: Comments section.

                                    

Comments
release note:

scope: Java SE
text: Protocol transition and constrained delegation support for Kerberos 5. Note it works on the same realm only in JDK 8.
                                     
2013-12-11
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/a1bbb8805e22
User:  lana
Date:  2012-11-13 19:08:40 +0000

                                     
2012-11-13
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a1bbb8805e22
User:  weijun
Date:  2012-11-07 06:13:42 +0000

                                     
2012-11-07



Hardware and Software, Engineered to Work Together