> For interoperability, AP-REQ decryption uses the key with the highest kvno in > the keytab if no exact match is found. If decryption fails, a normal > "checksum failed" error is reported, which may hide the real cause that the > wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER error in > this case. > > The change is only made in AP-REQ decryption to minimize impact. A previous > test is enhanced to cover the case.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: call fromUserKtab directly with aotomatic isInitiator being false; show exception if not correct code ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27298/files - new: https://git.openjdk.org/jdk/pull/27298/files/10e409d6..aee6aec3 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27298&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27298&range=03-04 Stats: 17 lines in 1 file changed: 0 ins; 4 del; 13 mod Patch: https://git.openjdk.org/jdk/pull/27298.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27298/head:pull/27298 PR: https://git.openjdk.org/jdk/pull/27298
