Bug ID: JDK-6951366 kerberos login failure on win2008 with AD set to win2000 compat mode

Details
Type: Bug
Submit Date: 2010-05-11
Status: Closed
Updated Date: 2011-03-07
Project Name: JDK
Resolved Date: 2011-03-07
Component: security-libs
OS: windows_2008
Sub-Component: org.ietf.jgss:krb5
CPU: x86
Priority: P3
Resolution: Fixed
Affected Versions: 5.0u11
Fixed Versions:


Description
When the CU application attempts user authentication in com.sun.security.auth.module.Krb5LoginModule,
it fails under the following conditions.

- Under Windows Server 2008 or Windows Server 2008 R2.
- When Active Directory is set up, the domain functional level is set to 2000 or 2003.
- The client side of Kerberos uses Krb5LoginModule in jdk5u11.
- The Kerberos enctypes setting is left at its default value (no value is specified explicitly).

REPRODUCE:
1) Place jaaskrb.conf and krb5.conf in c:\tmp\
2) Open krb5.conf and change the information for default_realm and [realms] to
   the information for the authentication server.
3) Execute KrbSample.java and enter a user name and password.

                                    

Comments
EVALUATION

This is a new fix for 6932525 (http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ba95fd03440b), which also covers login with keytab file. A new regression test is added.

When backporting this fix to previous versions, there is no need to read the previous fix for 6932525.
                                     
2010-06-04
EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ea8c57ec8409
                                     
2010-06-04
EVALUATION

This fix is further enhanced in 6959292, to be interoperable with Windows 2000.
                                     
2010-07-01


