JDK-6722928 Support SSPI as a native JGSS-API provider - Current Status

Cole Ferrier cole at coleferrier.com
Mon Jun 11 22:14:31 UTC 2018 

Thanks for your time reading this.  (Sorry for the dupe post if it comes
through, joined the list and resent)

I am trying to setup a java client that runs in windows and needs to
present a ticket to get access to a service.

No delegation is required.

We are running Java 8/Windows 10 and running into needing to change both
the registry setting to enable access to the SessionKey and some group
policies around UAC.
This is not ideal from a security perspective.

I was hoping that the Java community was making progress on this front
especially since it sounds like from some other articles, Credential Guard
further locks this down.

I found:

https://www.mail-archive.com/security-dev@openjdk.java.net/msg05291.html
https://www.mail-archive.com/security-dev@openjdk.java.net/msg15532.html

and:

http://cr.openjdk.java.net/~weijun/6722928/

What is the current status of this? Should it compile and run in Java 8?
or does it depend on the recently committed:

https://bugs.openjdk.java.net/browse/JDK-8200468

Trying to understand out options with respect to getting SSO for this java
client to work.

On Mon, Jun 11, 2018 at 3:10 PM, Cole Ferrier <cole at coleferrier.com> wrote:

> Thanks for your time reading this.
>
> I am trying to setup a java client that runs in windows and needs to
> present a ticket to get access to a service.
>
> No delegation is required.
>
> We are running Java 8/Windows 10 and running into needing to change both
> the registry setting to enable access to the SessionKey and some group
> policies around UAC.
> This is not ideal from a security perspective.
>
> I was hoping that the Java community was making progress on this front
> especially since it sounds like from some other articles, Credential Guard
> further locks this down.
>
> I found:
>
> https://www.mail-archive.com/security-dev@openjdk.java.net/msg05291.html
> https://www.mail-archive.com/security-dev@openjdk.java.net/msg15532.html
>
> and:
>
> http://cr.openjdk.java.net/~weijun/6722928/
>
> What is the current status of this? Should it compile and run in Java 8?
> or does it depend on the recently committed:
>
> https://bugs.openjdk.java.net/browse/JDK-8200468
>
> Trying to understand out options with respect to getting SSO for this java
> client to work.
>
> Cole Ferrier
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180611/b8d576a4/attachment.htm>

More information about the security-dev mailing list