--- a/test/jdk/sun/security/krb5/auto/KDC.java Wed Jul 17 16:13:26 2019 -0700
+++ b/test/jdk/sun/security/krb5/auto/KDC.java Wed Jul 17 12:26:56 2019 -0300
@@ -808,8 +808,10 @@
PrincipalName cname = null;
boolean allowForwardable = true;
-
+ boolean isReferral = false;
if (body.kdcOptions.get(KDCOptions.CANONICALIZE)) {
+ System.out.println(realm + "> verifying referral for " +
+ body.sname.getNameString());
KDC referral = aliasReferrals.get(body.sname.getNameString());
if (referral != null) {
service = new PrincipalName(
@@ -817,6 +819,9 @@
PrincipalName.NAME_COMPONENT_SEPARATOR_STR +
referral.getRealm(), PrincipalName.KRB_NT_SRV_INST,
this.getRealm());
+ System.out.println(realm + "> referral to " +
+ referral.getRealm());
+ isReferral = true;
}
}
@@ -918,7 +923,8 @@
if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
}
- if (body.kdcOptions.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
+ if (body.kdcOptions.get(KDCOptions.CNAME_IN_ADDL_TKT) &&
+ !isReferral) {
if (!options.containsKey(Option.ALLOW_S4U2PROXY)) {
// Don't understand CNAME_IN_ADDL_TKT
throw new KrbException(Krb5.KDC_ERR_BADOPTION);
@@ -1074,8 +1080,7 @@
}
int eType = eTypes[0];
- if (body.kdcOptions.get(KDCOptions.CANONICALIZE) &&
- body.cname.getNameType() == PrincipalName.KRB_NT_ENTERPRISE) {
+ if (body.kdcOptions.get(KDCOptions.CANONICALIZE)) {
PrincipalName principal = alias2Principals.get(
body.cname.getNameString());
if (principal != null) {