JDK-8202681 : Release Note: Kerberos Sequence Number Issues
- Type: Sub-task
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 7u251,8u241,11
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2018-05-05
- Updated: 2020-05-27
- Resolved: 2018-05-19
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 7 | JDK 8 |
|---|---|---|
11Resolved  |
7u251Resolved | 8u241Resolved |
Description
Previously, when mutual authentication was not requested by the Kerberos 5 initiator, there was no mechanism to negotiate the acceptor's initial sequence number. With this release, if the system property `sun.security.krb5.acceptor.sequence.number.nonmutual` is set to `initiator`, the SunJGSS provider will use the initiator's initial sequence number as the acceptor's initial sequence number. If set to `zero` or `0`, 0 is used. The default value is `initiator`. All other values are illegal and will throw an Error when the system property is read.