On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a S4U2proxy
> request.
>
> There are 2 commits now. The 1st is a refactoring that sends more info into
> the methods (Ex: `KdcComm::send(byte[])` -> `KdcComm::send(KrbKdcReq)`, and
> `Ticket` -> `Credentials` in multiple places) so that inside `KdcComm::send`
> there is enough info to decide how to deal with various errors. The 2nd is
> the actual fix to this issue, i.e. ignore the flag and retry another KDC.

This pull request has now been integrated.

Changeset: ab867f6c
Author:    Weijun Wang <wei...@openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/ab867f6c7c578ae7e65af2989b6836d523a41c5a
Stats:     413 lines in 17 files changed: 218 ins; 38 del; 157 mod

8272162: S4U2Self ticket without forwardable flag

Reviewed-by: valeriep

-------------

PR: https://git.openjdk.java.net/jdk/pull/6082