Hi All
Please review a fix at
http://cr.openjdk.java.net/~weijun/8078439
This is a regression triggered by JDK-8048194. In SPNEGO, a client might
send NegTokenInit with OIDs being {MS_KRB5_OID, KRB5_OID} along with a
krb5 AP-REQ as mechToken. Java did not understand MS_KRB5_OID but before
JDK-8048194 it blindly accepted the mechToken and everything just went
on fine. After JDK-8048194, it rejects the unknown OID and cannot
establish a security context.
The fix adds a tweak to recognize the MS_KRB5_OID.
*Ivan*:
Can you try out the patch on jdk8u?
Thanks
Max
