On ti, 31 tammi 2017, Florian Weimer wrote:
On 01/31/2017 02:38 PM, Jakub Hrozek wrote:
On Tue, Jan 31, 2017 at 02:36:12PM +0100, Florian Weimer wrote:
On 01/31/2017 10:36 AM, David Woodhouse wrote:
Please ensure this works with winbind. The switch to KEYRING: by
default didn't — pam_winbind was putting creds in /tmp/krb5cc_$UID
still, and then they weren't consistently being found there.
OpenJDK could be affected by this as well.
Does OpenJDK work with KERING now or only handles FILE?
Hmm. I assumed it handled KEYRING:, but both jdk8 and jdk9 only seem
to implement FILE:. So this change shouldn't result in a regression.
Unfortunately, JDKs are tending not to value integration with
system-wide Kerberos libraries. We had this issue with S4U2Proxy support
(it took three or more years to get S4U2Proxy support in Java's native
Kerberos provider) and we'll continue having it with other features. KCM
protocol in libkrb5 is the same one libkrb5 is already using on Mac OS
X, with a small change of doing Unix domain socket on the Linux and
doing a special kernel interface on Mac OS X.
--
/ Alexander Bokovoy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
