JDK-6722928 : Provide a default native GSS-API library on Windows
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss
  • Affected Version: 7
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2008-07-07
  • Updated: 2019-01-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 13
13Unresolved
Related Reports
CSR :  
Duplicate :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8214079 :  
Description
SSPI is the MS dialect of GSSAPI. We should support it in JDK on the Windows platform for better interop and system integration with Windows AD. Possible benefits are:

1. No need for krb5.ini and JAAS config
2. No need to retrieve TGT, thus no need for the allowtgtsessionkey registry key
3. Override the restriction when client is a member of local admin group
4. Server side program has no need to run setspn/ktpass
5. Server side program may be run as a Windows service
6. In Windows Server 2008, user2user authentication must be performed through their new protocol (http://tools.ietf.org/html/draft-swift-win2k-krb-user2user-03). SSPI automatically does this.

In the first stage, we should support client side using default credentials.

This provider must be interoperable with Java GSS provider and other native providers.

Comments
Is this ticket impacted by JDK-8199569 ? JDK-8199569 has been closed without comment
24-01-2019

No regression test included. A Windows AD server is needed. These tests are done manually: 1. Normal client/server context establishment and secure communication, including - Client side using Kerberos/SPNEGO - Client side requesting mutual auth or no - Client side requesting delegation or no 2. HTTP access the local or remote or cross-realm web server
20-11-2018

Do we have any updates on this subject?
18-07-2018

EVALUATION Might support it, althoguh I hope most of the functions of Windows SSPI can also be supported by pure Java. Interop is important between different platforms.
13-07-2010