        Description

        The 'canonicalize' flag in the [krb5.conf file][1] is now supported by the JDK Kerberos implementation. When set to *true*, the client announces [RFC 6806][2] Name Canonicalization support to KDC services in all TGT requests (AS protocol). Otherwise, and by default, it does not announce it.

        The new default behavior differs from that of JDK-14 and previous releases, where Name Canonicalization support was always announced to KDC services in TGT requests (provided that support for [RFC 6806][2] was not explicitly disabled with the *sun.security.krb5.disableReferrals* System or Security properties).

        [1]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
        [2]: https://tools.ietf.org/html/rfc6806
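The following is an added example, not code from the JDK or from this issue: a small audit helper that reads a krb5.conf and reports whether a deployment that relied on the old always-announce behavior is affected by the new default. The function names and sample files are hypothetical, the `[libdefaults]` location of the flag comes from the MIT documentation linked above, and classifying only the literal values `true` and `false` is an assumption.

```python
import re

# Constructed sample files (not from the issue); realm and host are placeholders.
SAMPLE_DEFAULT = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
"""
SAMPLE_ENABLED = """\
# ticket settings
[libdefaults]
    default_realm = EXAMPLE.TEST
    canonicalize = true
[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
    }
"""

def canonicalize_setting(conf_text):
    """Return 'true', 'false', 'unset' or 'review' for [libdefaults] canonicalize."""
    section, values = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "canonicalize":
                values.append(value.lower())
    if not values:
        return "unset"
    # Assumption: only the literal values true/false are classified here; other
    # spellings or conflicting duplicate entries are left for manual review.
    if len(set(values)) == 1 and values[0] in ("true", "false"):
        return values[0]
    return "review"

def changed_by_upgrade(conf_text, referrals_disabled=False):
    """True when earlier releases announced canonicalization support for this
    setup and the file does not clearly keep it on with canonicalize = true."""
    old_announced = not referrals_disabled    # always announced unless disabled
    return old_announced and canonicalize_setting(conf_text) != "true"

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("enabled", SAMPLE_ENABLED)):
        print(name, canonicalize_setting(text), changed_by_upgrade(text))
```

Pass `referrals_disabled=True` for applications that already set *sun.security.krb5.disableReferrals*, since those did not announce support before the change either.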

                People

                • Assignee:
                  mbalao Martin Balao
                  Reporter:
                  mbalao Martin Balao