Typo on line 941 of KDC.java: s/senstives/sensitives
Also the OS component of the bug is set to "solaris_10", which doesn't
seem right.
Looks ok otherwise.
--Sean
On 01/14/2015 11:10 PM, Wang Weijun wrote:
Hi All
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8022582/webrev.00
Sometimes a forwardable ticket request is sent but KDC returns a non-forwardable one. For example,
in Windows, an account can be set as "sensitive and cannot be delegated". While it's
possible to remove the "forwardable=true" line in krb5.conf to avoid the check failure,
the file is global and maybe another account wants to be delegated. Therefore we just to relax the
forwardable check.
KrbTgsReq is also modified so that one can get a service ticket when TGT is not
forwardable.
One special case is S4U2self request, both the existing ticket and the expected
ticket must be forwardable, and we fail early if one is not.
A new test simulates the "sensitive account" concept in Windows.
Thanks
Max
