sun.security.spnego.msinterop does not work anymore/disable by default for 15
Osipov, Michael
michael.osipov at siemens.com
Thu Apr 16 15:10:56 UTC 2020
Am 2020-04-16 um 15:14 schrieb Weijun Wang:
>
>>>
>>> So I guess it's because Java has no subkey set. Try "-Dsun.security.krb5.acceptor.subkey=true" to see if it's bigger.
>>
>> Yes, it is bigger and inline with the other Kerberos implemenatations.
>> Is there any reason not to turn it on by default since the others do it too?
>
> No real reason but I seldom want to change the existing behavior.
>
> Except for being smaller, is there any other problem?
No, none. Both SSPI and MIT Kerberos complete the context with it.
Everything works now in this regard.
Thanks,
Michael
More information about the security-dev
mailing list