Re: Kerberos Authentication Issue

2016-07-25 Thread Weijun Wang
The JGSS/krb5 provider in jdk7 does not allow "insecure" hostname canonicalization for security reasons. (A "secure" canonicalization means the result starts with the input. We still support this for compatibility). This is the reason why you see the service not found error. When -Dsun.security

Re: Kerberos Authentication Issue

2016-07-22 Thread Florian Weimer
* Carlos Gunners:

> When I try to connect a java app (tomcat8 container, openjdk-7-jre v 7u101,
> debian jessie) to this ldap service via GSSAPI/kerberos using a keytab for
> auth, it repeatedly fails .. initially failing to find the service
> principal in kerberos via its non-canonical hostname (

Kerberos Authentication Issue

2016-07-21 Thread Carlos Gunners
Hello, I have a situation here where we run an ldap service with round-robin dns .. so, we advertise a cname that resolves to multiple actual servers. Also, this cname is not set up as a service principal in kerberos. When I try to connect a java app (tomcat8 container, openjdk-7-jre v 7u101, debia