Java 1.5 and name-type mismatch

Salil Dangi me_extra at
Wed Jun 21 14:18:06 EDT 2006

I am running into following issue with AP-Request generated by Java 1.5:

AP-Request has a Ticket and an Authenticator.
Both of these structures have client (cname) information.

As part of AP-Request verification, the client information in these two 
structures should be matched.

I see that the cname in the ticket and cname in the authenticator are not 
same. One of them shows a name-type of 0 (KRB_NT_UNKNOWN) and the other one 
shows a name-type of 1 (KRB_NT_PRINCIPAL). The name-string fields are 
identical in cname fields of the ticket and the authenticator.

How do you match two names that have different name-type attributes (UNKNOWN 

Should this be considered as a bug with JAVA 1.5 implementation? 

More information about the Kerberos mailing list