[RFR 11u] 8227437: S4U2proxy cannot continue because server's TGT cannot be found
Lindenmaier, Goetz
goetz.lindenmaier at sap.com
Tue Nov 19 16:12:24 UTC 2019
Hi Martin,
the downport of this change looks good.
You need to flag the bug with jdk11*u*-fix-request, please.
Please also add these two links to your "Fix request" comment:
http://cr.openjdk.java.net/~mbalao/webrevs/8227437/8227437.jdk11u.webrev.00/
http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-November/002099.html
Best regards,
Goetz.
> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-bounces at openjdk.java.net> On
> Behalf Of Martin Balao
> Sent: Mittwoch, 13. November 2019 17:29
> To: jdk-updates-dev at openjdk.java.net; Langer, Christoph
> <christoph.langer at sap.com>
> Subject: [RFR 11u] 8227437: S4U2proxy cannot continue because server's TGT
> cannot be found
>
> Hi Christoph,
>
> Can I have a review for the 11u backport of 8227437 [1]?
>
> This is a critical bug affecting 11u after the backport of 8215032 [2].
>
> Webrev.00:
>
> *
> http://cr.openjdk.java.net/~mbalao/webrevs/8227437/8227437.jdk11u.webre
> v.00/
>
> Changes to the original JDK patch:
>
> src/java.security.jgss/share/classes/javax/security/auth/kerberos/JavaxSecurit
> yAuthKerberosAccessImpl.java
>
> * Changes on hook #1 (copyright date and import removals) already
> applied by 8220302
>
> src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosTic
> ket.java
>
> * Changes on hook #1 (copyright date) already applied by 8220302
>
> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java
>
> * Changes on hook #1 (copyright date) already applied by 8220302
>
> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5InitCredential.j
> ava
>
> * Changes on hook #1 (copyright date) already applied by 8220302
> * Copyright date will be 2019 instead of 2018 because of 8220302
>
> * Changes on hook #6 does not apply cleanly because the
> "Krb5InitCredential" instance is assigned to a variable after 8220302
> before being returned (so a proxy ticket can be added). Trivial to fix.
>
> src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
>
> * Changes on hook #1 (copyright date) already applied by 8220302
>
> src/java.security.jgss/share/classes/sun/security/krb5/JavaxSecurityAuthKerbe
> rosAccess.java
>
> * Changes on hook #1 (copyright date) already applied by 8220302
>
> * Changes on hook #2 do not apply cleanly because the import of
> javax.security.auth.kerberos.KerberosTicket was already added by
> 8220302. To fix this, we manually add the import of
> javax.security.auth.kerberos.KerberosPrincipal.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8227437
> [2] - https://bugs.openjdk.java.net/browse/JDK-8215032
More information about the jdk-updates-dev
mailing list