Push request: 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem
Weijun Wang
weijun.wang at oracle.com
Thu Aug 4 23:50:10 PDT 2011
Hi All
This is a request to backport a jdk8 fix into jdk7u2 b02.
CR: 7061379: [Kerberos] Cross-realm authentication fails, due to
nameType problem
Weblink: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379
Description:
A Kerberos PrincipalName is defined as
PrincipalName ::= SEQUENCE {
name-type [0] Int32,
name-string [1] SEQUENCE OF KerberosString
}
and RFC 4120 6.2 says --
The name-type field that is part of the principal name indicates the
kind of information implied by the name. The name-type SHOULD be
treated only as a hint to interpreting the meaning of a name. It is
not significant when checking for equivalence.
However, in Java's PrincipalName.equals(), we do check for equality of
both the name-type and name-string. This led to a failure in customer's
working environment.
The fix is already included in jdk8 as:
Changeset: e68db408d08c
Author: weijun
Date: 2011-08-04 18:18 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e68db408d08c
7061379: [Kerberos] Cross-realm authentication fails,
due to nameType problem
Reviewed-by: valeriep
The patch for jdk7u2 is identical to the one in jdk8.
Thanks
Weijun
More information about the jdk7u-dev
mailing list