On 19/01/18 13:35, Rory O'Donnell wrote: > Hi Mark, > > I'd prefer a new bug , referring to the old bug etc.
Fair enough. Will do. Mark > > Thanks,Rory > > > On 19/01/2018 13:34, Mark Thomas wrote: >> On 19/01/18 13:31, Rory O'Donnell wrote: >>> Hi Mark, >>> >>> Can you get a bug logged and let me know the JI ? >> Sure. Is the existing bug not enough? >> >> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 >> >> >> Cheers, >> >> Mark >> >> >>> Rgds,Rory >>> >>> >>> On 19/01/2018 12:37, Mark Thomas wrote: >>>> Hi Rory, >>>> >>>> A user has reported a problem [1] with Tomcat's kerberos (we call it >>>> Windows authentication) when using SRV DNS records to locate the LDAP >>>> server. >>>> >>>> The root cause appears to be a JRE bug. [2] >>>> >>>> The fix for that bug in Java 8 doesn't work for Tomcat. Is there any >>>> chance the fix could be revisited and the proposal in the bug (remove >>>> the trailing dot from the host name obtained from the DNS SRV record in >>>> com.sun.jndi.ldap.ServiceLocator) be adopted? >>>> >>>> The main problem for us is that the work around is awfully invasive. It >>>> requires a fairly deep dive into the JRE code to fix. >>>> >>>> Note: testing with Java 9 (first release) or Java 10 ea 38 shows >>>> everything works as expected in those versions. >>>> >>>> Thanks, >>>> >>>> Mark >>>> >>>> >>>> [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 >>>> [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
