[RFR 11u] 8227437: S4U2proxy cannot continue because server's TGT cannot be found
Martin Balao
mbalao at redhat.com
Wed Nov 13 16:28:36 UTC 2019
Hi Christoph,
Can I have a review for the 11u backport of 8227437 [1]?
This is a critical bug affecting 11u after the backport of 8215032 [2].
Webrev.00:
*
http://cr.openjdk.java.net/~mbalao/webrevs/8227437/8227437.jdk11u.webrev.00/
Changes to the original JDK patch:
src/java.security.jgss/share/classes/javax/security/auth/kerberos/JavaxSecurityAuthKerberosAccessImpl.java
* Changes on hook #1 (copyright date and import removals) already
applied by 8220302
src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosTicket.java
* Changes on hook #1 (copyright date) already applied by 8220302
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java
* Changes on hook #1 (copyright date) already applied by 8220302
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java
* Changes on hook #1 (copyright date) already applied by 8220302
* Copyright date will be 2019 instead of 2018 because of 8220302
* Changes on hook #6 does not apply cleanly because the
"Krb5InitCredential" instance is assigned to a variable after 8220302
before being returned (so a proxy ticket can be added). Trivial to fix.
src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
* Changes on hook #1 (copyright date) already applied by 8220302
src/java.security.jgss/share/classes/sun/security/krb5/JavaxSecurityAuthKerberosAccess.java
* Changes on hook #1 (copyright date) already applied by 8220302
* Changes on hook #2 do not apply cleanly because the import of
javax.security.auth.kerberos.KerberosTicket was already added by
8220302. To fix this, we manually add the import of
javax.security.auth.kerberos.KerberosPrincipal.
Thanks,
Martin.-
--
[1] - https://bugs.openjdk.java.net/browse/JDK-8227437
[2] - https://bugs.openjdk.java.net/browse/JDK-8215032
More information about the jdk-updates-dev
mailing list