United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6670362 : HTTP/SPNEGO should work across realms

Details
Type:
Enhancement
Submit Date:
2008-03-03
Status:
Closed
Updated Date:
2012-05-24
Project Name:
JDK
Resolved Date:
2011-05-18
Component:
security-libs
OS:
generic
Sub-Component:
org.ietf.jgss:krb5
CPU:
generic
Priority:
P4
Resolution:
Fixed
Affected Versions:
6u29,7
Fixed Versions:

Related Reports
Backport:
Backport:
Duplicate:
Relates:

Sub Tasks

Description
When accessing a web page using HTTP/SPNEGO, the service principal is always assumed to be in the same realm as the client principal.

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/a8d6215fa863
                                     
2008-04-25
SUGGESTED FIX

Generate the realm name from [domain_realm] section of krb5.conf or through DNS query.
                                     
2008-03-03
EVALUATION

The HTTP service principal name is generated from the full qualified hostname of the web server, with no realm name.
                                     
2008-03-03



Hardware and Software, Engineered to Work Together