On Tue, 16 Sep 2025 17:43:34 GMT, Weijun Wang <[email protected]> wrote:
>> For interoperability, AP-REQ decryption uses the key with the highest kvno >> in the keytab if no exact match is found. If decryption fails, a normal >> "checksum failed" error is reported, which may hide the real cause that the >> wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER error in >> this case. >> >> The change is only made in AP-REQ decryption to minimize impact. A previous >> test is enhanced to cover the case. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > different exception for other etypes; test Different etypes could throw different exceptions at decryption. All are still subtypes of `KrbException`. Add test cases for all different types of etypes. ------------- PR Comment: https://git.openjdk.org/jdk/pull/27298#issuecomment-3299767697
