JDK-8031046 : Native Windows ccache might still get unsupported ticket
- Type: Bug
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 7u60,8
- Priority: P4
- Status: Closed
- Resolution: Fixed
- OS: windows
- Submitted: 2013-12-26
- Updated: 2016-06-13
- Resolved: 2014-01-14
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 7 | JDK 8 | JDK 9 |
|---|---|---|
7u67Fixed  |
8u20Fixed |
9 b02Fixed |
Related Reports
|
Blocks :
|
|
|
Relates :
|
Description
In JDK-8016594, we've fixed native Windows ccache by acquiring for a ticket using an etype we support but it's still not enough. Out of box this works fine because we will request for aes-128 and Windows will give us an aes-128 key. However, user can customize their krb5.conf file to change the default_tkt_enctypes list. If the perferred etype is des3 (very unlikely but still doable), Windows will still issue an aes-256 ticket because it does not support des3. We should always check for the returned ticket and try the second-preferred etype if we do not support it, and so on.
Comments
|