Kerberos 1.14 - Java 1.6.0.24 incompatibility
Wang Weijun
weijun.wang at oracle.com
Sun Dec 13 06:15:52 EST 2015
Hi Richard
Have you tried newer JDK? 1.6.0.45 is the latest jdk6u. We had a bug at https://bugs.openjdk.java.net/browse/JDK-6932525 on etypes in AS-REQ and it was fixed in 6u25.
Thanks
Weijun
--
I work on Java SE Kerberos at Oracle.
> On Dec 13, 2015, at 12:40 AM, Richard Basch <basch at alum.mit.edu> wrote:
>
> There appears to be a protocol change in Kerberos 1.14 which causes older Java clients issues.
>
> Assuming an environment supports weak encryption and is using des-cbc-crc keys, and a Java app is negotiating multiple encryption types, one scenario which can happen is:
>
> - Java negotiates des-cbc-md5 and des-cbc-crc
> - KDC responds with support for both
> - Java actually makes request with type 3 (des-cbc-md5)
> - KDC now responds with BAD_ENCRYPTION_TYPE if the principal is defined as type 1 (des-cbc-crc).
>
> Previous behavior in 1.13 and prior: KDC would issue ticket (skey=3, tkt=1)
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list