Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
mark.reinhold at oracle.com
mark.reinhold at oracle.com
Wed Jun 30 19:09:15 UTC 2021
2021/6/29 5:17:39 -0700, anika.westburg at raytion.com:
> Dear Developers,
>
> we have the problem with Kerberos and AdoptOpenJDK in a cross-realm
> setup that the first request succeeds, but subsequent requests
> fail. The reason is that the ticket from the referrals cache does not
> work for proxy requests. We opened this ticket:
> https://github.com/adoptium/adoptium-support/issues/318
>
> We also attached a patch to the ticket that solves the problem for
> us. If someone could check it out so the patch could make it into the
> next update release, that would make us and our customer very happy.
>
> If there is anything we can do further to ease your life, please let
> us know. We are not fully used to your workflows but would want to
> make sure we are playing according to the rules.
The best way to submit a bug report against the JDK is via
https://bugreport.java.com. Please include your patch in that
submission. For IP clarity, we cannot take in patches posted to
non-OpenJDK infrastructure.
> In case you would agree that this is a bug and will be fixed, is there
> any estimate on likelihood of getting into one of the subsequent
> releases and when? This would be super helpful to hear, any hint or
> pointer is highly appreciated.
In general we cannot make any promises. If you need actual support,
you might consider entering into a contractual relationship with one
of the many commercial providers of JDK builds.
- Mark
More information about the security-dev
mailing list