JDK-8031046 : Native Windows ccache might still get unsupported ticket
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 7u60,8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows
  • Submitted: 2013-12-26
  • Updated: 2016-06-13
  • Resolved: 2014-01-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u67Fixed 8u20Fixed 9 b02Fixed
Related Reports
Blocks :  
Relates :  
In JDK-8016594, we've fixed native Windows ccache by acquiring for a ticket using an etype we support but it's still not enough. Out of box this works fine because we will request for aes-128 and Windows will give us an aes-128 key. However, user can customize their krb5.conf file to change the default_tkt_enctypes list. If the perferred etype is des3 (very unlikely but still doable), Windows will still issue an aes-256 ticket because it does not support des3. We should always check for the returned ticket and try the second-preferred etype if we do not support it, and so on.
SQE OK to take the fix to PSU15_01

Like JDK-8016594, this change cannot be verified by a simple regression test inside jdk repo. New comment added to INTJDK-7604925 on how to verify this fix.