JDK-6670362 : HTTP/SPNEGO should work across realms
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 6u29,7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2008-03-03
  • Updated: 2012-05-24
  • Resolved: 2011-05-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7 b26Fixed
Related Reports
Duplicate :  
Relates :  
When accessing a web page using HTTP/SPNEGO, the service principal is always assumed to be in the same realm as the client principal.

EVALUATION http://hg.openjdk.java.net/jdk7/jsn/jdk/rev/a8d6215fa863

SUGGESTED FIX Generate the realm name from [domain_realm] section of krb5.conf or through DNS query.

EVALUATION The HTTP service principal name is generated from the full qualified hostname of the web server, with no realm name.