JDK-8225387 : Release Note: Support for Kerberos Cross-Realm Referrals (RFC 6806)
- Type: Sub-task
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 8u271,11.0.9-oracle,13
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2019-06-06
- Updated: 2020-09-15
- Resolved: 2019-06-11
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 8 |
|---|---|---|
| 11.0.9-oracleResolved | 13Resolved  |
8u271Resolved |
Description
The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension. As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service). Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the `sun.security.krb5.disableReferrals` security or system property to false. To configure a custom maximum number of referral hops, set the `sun.security.krb5.maxReferrals` security or system property to any positive value. See further information in JDK-8223172.