JDK-8254596 : Release Note: Support cross-realm MSSFU
- Type: Sub-task
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 8u301,11.0.12-oracle,15
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2020-10-12
- Updated: 2022-05-31
- Resolved: 2021-12-02
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 15 | JDK 8 |
|---|---|---|
| 11.0.12-oracleResolved | 15Resolved  |
8u301Resolved |
Description
The support for the Kerberos MSSFU extensions [1] is now extended to cross-realm environments. By leveraging the Kerberos cross-realm referrals enhancement introduced in the context of JDK-8215032, the 'S4U2Self' and 'S4U2Proxy' extensions may be used to impersonate user and service principals located on different realms. [1] - https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/3bff5864-8135-400e-bdd9-33b552051d94