Impersonation issue after migrating from Oracle JDK 8 to Open JDK 8 in Cloudera cluster
This is a known bug I filed with openJDK.
"KerberosTicket client name refers wrongly to sAMAccountName in AD", Major loss of Function.
It is tracked here: https://bugs.openjdk.java.net/browse/JDK-8239385
This issue is resolved. The issue was due to the cross-realm referrals support for Kerberos (JDK-8215032
). You need to set -Dsun.security.krb5.disableReferrals=true
property of the service or to set this is java.security
file.
Might be related to my problem: https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1861883
I also reported this to the OpenJDK bug report site (twice) but no reaction so far.
If your problem disappears after downgrading to OpenJDK 1.8.0 232 we've been hit by the same bug.