X-CACHECONF in cache type 0504

Frank Cusack frank+krb at linetwo.net
Thu Nov 18 13:07:26 EST 2010

On 11/18/10 1:57 PM +0000 Tim Alsop wrote:
> related to Java Kerberos. Basically if MIT code is used to create the
> cache, the Java 1.6 code cannot recognise the TGT unless the cache
> entries are renewed to remove the extra information added by MIT.

Or unless you tell the JVM to use the native krb5 libraries.
(set sun.security.jgss.native to true, only for Solaris and Linux).

There's also a patch against openjdk to fix it.

Just wanted to point out there are alternatives to renewing the ccache
in some cases.

I find it interesting that kinit puts this info in the ccache and
kinit -R removes it.

More information about the krbdev mailing list