Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8191750

Kerberos SSO breaks on multiple domains using AES

    XMLWordPrintable

    Details

      Description

      Kerberos application break when attempting to use multiple domains.

      submitter info :
      ============
      Breakpoint at:
      sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:272)
      on line : EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
      shows that apReqMessg.ticket.sname=HTTP/xxx.oracle.com@DOWN.COM
      but the encrypted key return is the one for
      HTTP/xxx.oracle.com@UP.COM, even if finaltab contains keys for
      both HTTP/xxx.oracle.com@UP.COM and
      HTTP/xxx.oracle.com@DOWN.COM

      With AES128, this keys differs since there is salt used. With RC4 the keys were the same, hence there was no exception.

        Attachments

          Activity

            People

            • Assignee:
              coffeys Sean Coffey
              Reporter:
              shadowbug Shadow Bug
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: