1 Reply Latest reply: Aug 20, 2010 4:58 AM by 843810 RSS

    KVNO in 6u21

      the Kerberos implementation in java version 6u20 (and below) ignores the key version number (KVNO) in keytab

      however in java version 6u21 the Kerberos implementation throws KRB_AP_ERR_BADKEYVER ("Specified version of key is not available")
      if the KVNOs do not match

      this is quite problematic, as the ktab tool is not able to manipulate the KVNOs in the keytab files!

      am I right?
      if I'm right, the even bigger problem is
      that this change is NOT DOCUMENTED by Oracle/Sun !!!

      if someone upgrades an application with Kerberos to java version 6u21
      his/her application suddenly breaks!