[16466] in Kerberos_V5_Development
Re: X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Frank Cusack)
Thu Nov 18 13:07:35 2010
Date: Thu, 18 Nov 2010 10:07:26 -0800
From: Frank Cusack <frank+krb@linetwo.net>
To: Tim Alsop <Tim@cybersafe.com>, "krbdev@MIT.EDU" <krbdev@mit.edu>
Message-ID: <A582E1F3D03788137B5BF9E5@cusack.local>
In-Reply-To: <C90AE14D.2764A%Tim.Alsop@CyberSafe.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 11/18/10 1:57 PM +0000 Tim Alsop wrote:
> related to Java Kerberos. Basically if MIT code is used to create the
> cache, the Java 1.6 code cannot recognise the TGT unless the cache
> entries are renewed to remove the extra information added by MIT.
Or unless you tell the JVM to use the native krb5 libraries.
(set sun.security.jgss.native to true, only for Solaris and Linux).
There's also a patch against openjdk to fix it.
Just wanted to point out there are alternatives to renewing the ccache
in some cases.
I find it interesting that kinit puts this info in the ccache and
kinit -R removes it.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
