United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-8016594 : Native Windows ccache still reads DES tickets

Details
Type:
Bug
Submit Date:
2013-06-13
Status:
Resolved
Updated Date:
2014-06-06
Project Name:
JDK
Resolved Date:
2013-08-08
Component:
security-libs
OS:
windows
Sub-Component:
org.ietf.jgss:krb5
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
Fixed Versions:

Related Reports
Backport:
Blocks:
Relates:

Sub Tasks

Description
External report:

BTW, this looks very sketchy to me:

http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/3c08c9ebd1fb/src/windows/native/sun/security/krb5/NativeCreds.c

Like it uses CacheRequest without memset()ing it to zero first.

And it doesn't support newer enctypes!
                                    

Comments
SQE is ok to take the fix in 7u60.
                                     
2013-12-18
Why there is no regression test in the fix?

As there is no regression test SQE is investigating test coverage at the moment will approve/decline for 7u60 once test coverage/development needs situation is clear.
                                     
2013-12-04
This fix is quite critical for clients using Windows 2008 as Active Directory server. Before the fix, Java always requests for a ticket with the DES session key no matter what the supported encryption types are. Depending on the server configuration, in some cases, DES session key is issued but DES is disabled by default in jdk8. In other cases, Windows could ignore the DES request and issue an AES-256 key. Unless unlimited strength crypto policy is installed, Java will not be able to use the AES-256 key and will throw an "illegal key size" error. After this fix, the strongest supported encryption type is requested (AES-128 by default, or AES-256 if unlimited strength crypto policy installed), the correct key will be issued.
                                     
2013-11-28
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/b7d594716f86
User:  lana
Date:  2013-08-26 18:32:19 +0000

                                     
2013-08-26
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b7d594716f86
User:  weijun
Date:  2013-08-08 13:14:48 +0000

                                     
2013-08-08



Hardware and Software, Engineered to Work Together