On Mon, 15 Sep 2025 15:49:11 GMT, Weijun Wang <[email protected]> wrote:
> For interoperability, AP-REQ decryption uses the key with the highest kvno in > the keytab if no exact match is found. If decryption fails, a normal > "checksum failed" error is reported, which may hide the real cause that the > wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER error in > this case. > > The change is only made in AP-REQ decryption to minimize impact. A previous > test is enhanced to cover the case. This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/27298
