JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

Wang Weijun weijun.wang at oracle.com
Tue Apr 19 15:11:32 UTC 2016

> On Apr 19, 2016, at 8:48 PM, Osipov, Michael <michael.osipov at siemens.com> wrote:
>>> Are there any  plans to add referral support?
>> Not yet.
>>> Can we log this issue in bugs.openjdk.java.net/browse/JDK?
>> You can always do that, but such a feature should be covered by a JEP.
> Only JDK devs have write access. All I can do is a bug report with
> http://bugreport.java.com/. A JEP can probably initiated by you or your
> colleagues. Even if, this probably won't make it into Java 9.

There is another bug https://bugs.openjdk.java.net/browse/JDK-6631053 which is about referral for client. I've just added a comment on server and cross-realm routing.

> In the meantime, can this be documented someone in the official docs
> of Oracle?

The documentation for Kerberos in Java is at


It has not listed RFC 6806.


> Michael

More information about the security-dev mailing list