RFR: 8028351: JWS doesn't get authenticated when using kerberos auth proxy

Xuelei Fan xuelei.fan at oracle.com
Thu Nov 21 17:39:16 PST 2013


Looks like a reasonable fix to me.

Xuelei

On 11/22/2013 8:47 AM, Weijun Wang wrote:
> Please take a look at
> 
>    http://cr.openjdk.java.net/~weijun/8028351/webrev.00/
> 
> The bug is
> 
>    https://bugs.openjdk.java.net/browse/JDK-8028351
> 
> Basically, we now treat no password provided as empty password, this
> leads to a useless (and failed) login and has some other serious issues,
> say, too many unsuccessful login blocks a user account.
> 
> Thanks
> Max



More information about the security-dev mailing list