Re: Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-29 Thread Szabolcs Pota
Hi Max, On Tue, Mar 29, 2011 at 4:35 PM, Weijun Wang wrote: > Update: > > I think I was wrong about caddr in a service ticket. JRE does not provide > the address field in its TGS-REQ packet, but the KDC can still set the caddr > in a ticket. > Yes. I've tested and the client addresses are indee

Re: Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-29 Thread Weijun Wang
Update: I think I was wrong about caddr in a service ticket. JRE does not provide the address field in its TGS-REQ packet, but the KDC can still set the caddr in a ticket. So forget about that patch. Anyway, my previous mail on address from channel binding is still valid. You can try callin

Re: Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-29 Thread Weijun Wang
Hi Szabolcs On 03/29/2011 09:18 PM, Szabolcs Pota wrote: Hi Max, The client was Java in all cases. I've tried with the following combinations: * Open JDK b133 with JGSS * Open JDK b133 with MIT native Kerberos I guess this means using the native GSS provider with -Dsun.security.jgss

Re: Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-29 Thread Szabolcs Pota
Hi Max, The client was Java in all cases. I've tried with the following combinations: - Open JDK b133 with JGSS - Open JDK b133 with MIT native Kerberos - JDK 6u23 with JGSS - JDK 6u23 with MIT native Kerberos The result is always the same: Caused by: sun.security.krb5.internal.KrbAp

Re: Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-28 Thread Weijun Wang
Sorry for the late reply. I suppose your client side program is not in Java? Because in JDK a service ticket's addresses field is always null. Thanks Max On 03/25/2011 07:53 PM, Szabolcs Pota wrote: [+ adding back security-dev] Hi Henry, Thank you for your reply. My answers are below.

Re: Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-25 Thread Szabolcs Pota
[+ adding back security-dev] Hi Henry, Thank you for your reply. My answers are below. On Fri, Mar 25, 2011 at 1:26 AM, Henry B. Hotz wrote: > No-list reply since I'm subscribed with an alias which my ISP won't let me > send with. > > On Mar 23, 2011, at 5:16 AM, Szabolcs Pota wrote: > > > Our

Exception while processing 'no-addresses' flag in KrbApReq.java

2011-03-23 Thread Szabolcs Pota
Hi All, I am testing Kerberos implementation in Open JDK (build 133, http://download.java.net/openjdk/jdk7/promoted/b133/) and ran into an issue that may be a bug in the KrbApReq class. I have started to investigate the issue in more detail when I found that the same test setup runs without proble