On Thu, Feb 27, 2020 at 8:36 PM Ben Gooley <bgoo...@cloudera.com> wrote: > > Thanks... for reference, Java enabled both referrals and canonicalization > requests by its clients in recent releases of OpenJDK: > https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8223172
Thanks, interesting read. (for example, this quote: Principal name changes are allowed in AS-REQ responses only if 1) *canonicalize* option was set in the AS-REQ request, 2) PA-REQ-ENC-PA-REP pre-authentication data was sent in the AS-REQ response (meaning the server supports [RFC 6068][1] FAST scheme) and 3) the authenticated checksum is correct.) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
