referrals and canonicalization

Isaac Boukris iboukris at gmail.com
Fri Feb 28 04:58:49 EST 2020


On Thu, Feb 27, 2020 at 8:36 PM Ben Gooley <bgooley at cloudera.com> wrote:
>
> Thanks... for reference, Java enabled both referrals and canonicalization requests by its clients in recent releases of OpenJDK:
> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8223172

Thanks, interesting read.

(for example, this quote: Principal name changes are allowed in AS-REQ
responses only if 1) *canonicalize* option was set in the AS-REQ
request, 2) PA-REQ-ENC-PA-REP pre-authentication data was sent in the
AS-REQ response (meaning the server supports [RFC 6068][1] FAST
scheme) and 3) the authenticated checksum is correct.)

