Hi Rory, A user has reported a problem [1] with Tomcat's kerberos (we call it Windows authentication) when using SRV DNS records to locate the LDAP server.
The root cause appears to be a JRE bug. [2] The fix for that bug in Java 8 doesn't work for Tomcat. Is there any chance the fix could be revisited and the proposal in the bug (remove the trailing dot from the host name obtained from the DNS SRV record in com.sun.jndi.ldap.ServiceLocator) be adopted? The main problem for us is that the work around is awfully invasive. It requires a fairly deep dive into the JRE code to fix. Note: testing with Java 9 (first release) or Java 10 ea 38 shows everything works as expected in those versions. Thanks, Mark [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
