Bug 1968485
| Summary: | OpenJDK kerberos implementation lacks behind in terms of modern features/standards | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | zzambers |
| Component: | java-11-openjdk | Assignee: | Martin Balao <mbalao> |
| Status: | CLOSED WONTFIX | QA Contact: | OpenJDK QA <java-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.0 | CC: | fdvorak, mbalao, ssorce |
| Target Milestone: | beta | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-12-07 07:27:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
zzambers
2021-06-07 13:08:05 UTC
@rharwood could you please comment on severenity/priority here? I mean, are we talking mostly about "nice to have" features or are (some of) these urgent in a way, they could (or are known to) cause kerberos to no longer work with Openjdk in the (near) feature? That's really up to you, and how much you want to be compatible. For maximum compatibility, switch the default to use krb5 (I think this can be done with sun.security.jgss.native today). The biggest missing thing is probably ccache types. If memory serves, the pure-java implementation only supports FILE (and possibly DIR). The RHEL 8+ default is KCM, and people use KEYRING as well since it's the default in RHEL 7 and serves a different use case. After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. |