RFR 8227437: S4U2proxy cannot continue because server's TGT cannot be found
Weijun Wang
weijun.wang at oracle.com
Tue Jul 16 02:16:07 UTC 2019
Another thing.
Although we later found out more issues with the name change, this bug was originally filed on S4U2proxy, so I suggest we add a test for this purpose.
This can demonstrated with
private static void JAAS() throws Exception {
Context c = Context.fromUserPass("normal", password, false);
c.startAsClient("andrew", GSSUtil.GSS_KRB5_MECH_OID);
Context s = Context.fromUserPass("drew", password, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
s.delegated();
}
Here the principals are added as
kdc1.addPrincipal("normal", password);
kdc1.addPrincipal("andrew", password);
kdc1.registerAlias("drew", "andrew@" + realmKDC1);
You can surely use your existing names/aliases.
Note: I cannot call 'c.startAsClient("drew", GSSUtil.GSS_KRB5_MECH_OID)' above because KDC.java does not support aliases in getPassword(). We can enhance this later if useful.
Thanks,
Max
> On Jul 16, 2019, at 8:47 AM, Martin Balao <mbalao at redhat.com> wrote:
>
> http://cr.openjdk.java.net/~mbalao/webrevs/8227437/8227437.webrev.00/
More information about the security-dev
mailing list