JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

Wang Weijun weijun.wang at oracle.com
Tue Apr 19 15:11:32 UTC 2016


> On Apr 19, 2016, at 8:48 PM, Osipov, Michael <michael.osipov at siemens.com> wrote:
> 
>>> Are there any  plans to add referral support?
>> 
>> Not yet.
>> 
>>> Can we log this issue in bugs.openjdk.java.net/browse/JDK?
>> 
>> You can always do that, but such a feature should be covered by a JEP.
> 
> Only JDK devs have write access. All I can do is a bug report with
> http://bugreport.java.com/. A JEP can probably initiated by you or your
> colleagues. Even if, this probably won't make it into Java 9.

There is another bug https://bugs.openjdk.java.net/browse/JDK-6631053 which is about referral for client. I've just added a comment on server and cross-realm routing.

> In the meantime, can this be documented someone in the official docs
> of Oracle?

The documentation for Kerberos in Java is at

  http://download.java.net/jdk9/docs/technotes/guides/security/jgss/jgss-api-mechanism.html

It has not listed RFC 6806.

--Max

> 
> Michael



More information about the security-dev mailing list