Java 1.5 and name-type mismatch
Salil Dangi
me_extra at unisys.com
Wed Jun 21 14:18:06 EDT 2006
I am running into following issue with AP-Request generated by Java 1.5:
AP-Request has a Ticket and an Authenticator.
Both of these structures have client (cname) information.
As part of AP-Request verification, the client information in these two
structures should be matched.
I see that the cname in the ticket and cname in the authenticator are not
same. One of them shows a name-type of 0 (KRB_NT_UNKNOWN) and the other one
shows a name-type of 1 (KRB_NT_PRINCIPAL). The name-string fields are
identical in cname fields of the ticket and the authenticator.
How do you match two names that have different name-type attributes (UNKNOWN
and NT_PRINCIPAL)?
Should this be considered as a bug with JAVA 1.5 implementation?
More information about the Kerberos
mailing list