For interoperability, AP-REQ decryption uses the key with the highest kvno in the keytab if no exact match is found. If decryption fails, a normal "checksum failed" error is reported, which may hide the real cause that the wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER error in this case.
The change is only made in AP-REQ decryption to minimize impact. A previous test is enhanced to cover the case. ------------- Commit messages: - the fix Changes: https://git.openjdk.org/jdk/pull/27298/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27298&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8367344 Stats: 60 lines in 3 files changed: 44 ins; 0 del; 16 mod Patch: https://git.openjdk.org/jdk/pull/27298.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27298/head:pull/27298 PR: https://git.openjdk.org/jdk/pull/27298
