JDK-8242059 : Release Note: Support for canonicalize in krb5.conf
- Type: Sub-task
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 8u271,11.0.9-oracle,15
- Priority: P4
- Status: Closed
- Resolution: Delivered
- OS: generic
- CPU: generic
- Submitted: 2020-04-02
- Updated: 2021-12-02
- Resolved: 2021-12-02
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 15 | JDK 8 |
|---|---|---|
| 11.0.9-oracleResolved | 15Resolved  |
8u271Resolved |
Description
The 'canonicalize' flag in the [krb5.conf file][1] is now supported by the JDK Kerberos implementation. When set to *true*, [RFC 6806][2] name canonicalization is requested by clients in TGT requests to KDC services (AS protocol). Otherwise, and by default, it is not requested. The new default behavior is different from JDK 14 and previous releases where name canonicalization was always requested by clients in TGT requests to KDC services (provided that support for [RFC 6806][2] was not explicitly disabled with the *sun.security.krb5.disableReferrals* system or security properties). [1]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html [2]: https://tools.ietf.org/html/rfc6806
Comments
|