RFR: 8028351: JWS doesn't get authenticated when using kerberos auth proxy

Xuelei Fan xuelei.fan at oracle.com
Thu Nov 21 17:39:16 PST 2013

Looks like a reasonable fix to me.


On 11/22/2013 8:47 AM, Weijun Wang wrote:
> Please take a look at
>    http://cr.openjdk.java.net/~weijun/8028351/webrev.00/
> The bug is
>    https://bugs.openjdk.java.net/browse/JDK-8028351
> Basically, we now treat no password provided as empty password, this
> leads to a useless (and failed) login and has some other serious issues,
> say, too many unsuccessful login blocks a user account.
> Thanks
> Max

More information about the security-dev mailing list