Push request: 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem
Edvard Wendelin
edvard.wendelin at oracle.com
Fri Aug 5 01:13:43 PDT 2011
Approved!
Please use hg.openjdk.java.net/jdk7u/jdk7u-dev-gate/jdk/
/Edvard
Skickat från min iPhone
5 aug 2011 kl. 08:50 skrev Weijun Wang <weijun.wang at oracle.com>:
> Hi All
>
> This is a request to backport a jdk8 fix into jdk7u2 b02.
>
> CR: 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem
> Weblink: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379
>
> Description:
>
> A Kerberos PrincipalName is defined as
>
> PrincipalName ::= SEQUENCE {
> name-type [0] Int32,
> name-string [1] SEQUENCE OF KerberosString
> }
>
> and RFC 4120 6.2 says --
>
> The name-type field that is part of the principal name indicates the
> kind of information implied by the name. The name-type SHOULD be
> treated only as a hint to interpreting the meaning of a name. It is
> not significant when checking for equivalence.
>
> However, in Java's PrincipalName.equals(), we do check for equality of both the name-type and name-string. This led to a failure in customer's working environment.
>
> The fix is already included in jdk8 as:
>
> Changeset: e68db408d08c
> Author: weijun
> Date: 2011-08-04 18:18 +0800
> URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e68db408d08c
>
> 7061379: [Kerberos] Cross-realm authentication fails,
> due to nameType problem
> Reviewed-by: valeriep
>
> The patch for jdk7u2 is identical to the one in jdk8.
>
> Thanks
> Weijun
More information about the jdk7u-dev
mailing list