From: mhoellein Date: Thu, 23 Jan 2020 14:55:41 +0000 (+0100) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=c4b04a74df6eb22a0e711ba815f8418c16d45960;p=homeserver committing changes in /etc after apt run Package changes: -aptdaemon 1.1.1+bzr982-0ubuntu19.1 all -aptdaemon-data 1.1.1+bzr982-0ubuntu19.1 all +aptdaemon 1.1.1+bzr982-0ubuntu19.2 all +aptdaemon-data 1.1.1+bzr982-0ubuntu19.2 all -chromium-codecs-ffmpeg-extra 78.0.3904.108-0ubuntu0.18.04.1 amd64 +chromium-codecs-ffmpeg-extra 79.0.3945.79-0ubuntu0.18.04.1 amd64 -code-brand 4.0-2 all +code-brand 4.2-12 all -dmeventd 2:1.02.145-4.1ubuntu3.18.04.1 amd64 +dmeventd 2:1.02.145-4.1ubuntu3.18.04.2 amd64 -dmsetup 2:1.02.145-4.1ubuntu3.18.04.1 amd64 +dmsetup 2:1.02.145-4.1ubuntu3.18.04.2 amd64 -e2fslibs 1.44.1-1ubuntu1.2 amd64 -e2fsprogs 1.44.1-1ubuntu1.2 amd64 +e2fslibs 1.44.1-1ubuntu1.3 amd64 +e2fsprogs 1.44.1-1ubuntu1.3 amd64 -firefox 71.0+linuxmint2+tricia amd64 -firefox-locale-de 71.0+linuxmint2+tricia amd64 -firefox-locale-en 71.0+linuxmint2+tricia amd64 +firefox 72.0.1+linuxmint1+tricia amd64 +firefox-locale-de 72.0.1+linuxmint1+tricia amd64 +firefox-locale-en 72.0.1+linuxmint1+tricia amd64 -gnome-calculator 1:3.28.2-1~ubuntu18.04.1 amd64 +gnome-calculator 1:3.28.2-1~ubuntu18.04.3 amd64 -libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.1 amd64 +libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.2 amd64 -libbsd0 0.8.7-1 amd64 -libbsd0 0.8.7-1 i386 +libbsd0 0.8.7-1ubuntu0.1 amd64 +libbsd0 0.8.7-1ubuntu0.1 i386 -libcom-err2 1.44.1-1ubuntu1.2 amd64 -libcom-err2 1.44.1-1ubuntu1.2 i386 -libcomerr2 1.44.1-1ubuntu1.2 amd64 -libcomerr2 1.44.1-1ubuntu1.2 i386 +libcom-err2 1.44.1-1ubuntu1.3 amd64 +libcom-err2 1.44.1-1ubuntu1.3 i386 +libcomerr2 1.44.1-1ubuntu1.3 amd64 +libcomerr2 1.44.1-1ubuntu1.3 i386 -libdevmapper-event1.02.1 2:1.02.145-4.1ubuntu3.18.04.1 amd64 -libdevmapper1.02.1 2:1.02.145-4.1ubuntu3.18.04.1 amd64 +libdevmapper-event1.02.1 2:1.02.145-4.1ubuntu3.18.04.2 amd64 +libdevmapper1.02.1 2:1.02.145-4.1ubuntu3.18.04.2 amd64 -libdrm-amdgpu1 2.4.97-1ubuntu1~18.04.1 amd64 -libdrm-amdgpu1 2.4.97-1ubuntu1~18.04.1 i386 -libdrm-common 2.4.97-1ubuntu1~18.04.1 all -libdrm-intel1 2.4.97-1ubuntu1~18.04.1 amd64 -libdrm-intel1 2.4.97-1ubuntu1~18.04.1 i386 -libdrm-nouveau2 2.4.97-1ubuntu1~18.04.1 amd64 -libdrm-nouveau2 2.4.97-1ubuntu1~18.04.1 i386 -libdrm-radeon1 2.4.97-1ubuntu1~18.04.1 amd64 -libdrm-radeon1 2.4.97-1ubuntu1~18.04.1 i386 -libdrm2 2.4.97-1ubuntu1~18.04.1 amd64 -libdrm2 2.4.97-1ubuntu1~18.04.1 i386 +libdrm-amdgpu1 2.4.99-1ubuntu1~18.04.1 amd64 +libdrm-amdgpu1 2.4.99-1ubuntu1~18.04.1 i386 +libdrm-common 2.4.99-1ubuntu1~18.04.1 all +libdrm-intel1 2.4.99-1ubuntu1~18.04.1 amd64 +libdrm-intel1 2.4.99-1ubuntu1~18.04.1 i386 +libdrm-nouveau2 2.4.99-1ubuntu1~18.04.1 amd64 +libdrm-nouveau2 2.4.99-1ubuntu1~18.04.1 i386 +libdrm-radeon1 2.4.99-1ubuntu1~18.04.1 amd64 +libdrm-radeon1 2.4.99-1ubuntu1~18.04.1 i386 +libdrm2 2.4.99-1ubuntu1~18.04.1 amd64 +libdrm2 2.4.99-1ubuntu1~18.04.1 i386 -libegl-mesa0 19.0.8-0ubuntu0~18.04.3 amd64 -libegl-mesa0 19.0.8-0ubuntu0~18.04.3 i386 +libegl-mesa0 19.2.1-1ubuntu1~18.04.1 amd64 +libegl-mesa0 19.2.1-1ubuntu1~18.04.1 i386 -libegl1-mesa 19.0.8-0ubuntu0~18.04.3 amd64 +libegl1-mesa 19.2.1-1ubuntu1~18.04.1 amd64 -libext2fs2 1.44.1-1ubuntu1.2 amd64 +libext2fs2 1.44.1-1ubuntu1.3 amd64 -libgbm1 19.0.8-0ubuntu0~18.04.3 amd64 -libgbm1 19.0.8-0ubuntu0~18.04.3 i386 +libgbm1 19.2.1-1ubuntu1~18.04.1 amd64 +libgbm1 19.2.1-1ubuntu1~18.04.1 i386 -libgcrypt20 1.8.1-4ubuntu1.1 amd64 -libgcrypt20 1.8.1-4ubuntu1.1 i386 +libgcrypt20 1.8.1-4ubuntu1.2 amd64 +libgcrypt20 1.8.1-4ubuntu1.2 i386 -libgl1-mesa-glx 19.0.8-0ubuntu0~18.04.3 amd64 -libgl1-mesa-glx 19.0.8-0ubuntu0~18.04.3 i386 +libgl1-mesa-glx 19.2.1-1ubuntu1~18.04.1 amd64 +libgl1-mesa-glx 19.2.1-1ubuntu1~18.04.1 i386 -libglapi-mesa 19.0.8-0ubuntu0~18.04.3 amd64 -libglapi-mesa 19.0.8-0ubuntu0~18.04.3 i386 +libglapi-mesa 19.2.1-1ubuntu1~18.04.1 amd64 +libglapi-mesa 19.2.1-1ubuntu1~18.04.1 i386 -libgles2-mesa 19.0.8-0ubuntu0~18.04.3 amd64 +libgles2-mesa 19.2.1-1ubuntu1~18.04.1 amd64 -libglx-mesa0 19.0.8-0ubuntu0~18.04.3 amd64 -libglx-mesa0 19.0.8-0ubuntu0~18.04.3 i386 +libglx-mesa0 19.2.1-1ubuntu1~18.04.1 amd64 +libglx-mesa0 19.2.1-1ubuntu1~18.04.1 i386 -libgnutls-openssl27 3.5.18-1ubuntu1.1 amd64 +libgnutls-openssl27 3.5.18-1ubuntu1.2 amd64 -libgnutls30 3.5.18-1ubuntu1.1 amd64 -libgnutls30 3.5.18-1ubuntu1.1 i386 +libgnutls30 3.5.18-1ubuntu1.2 amd64 +libgnutls30 3.5.18-1ubuntu1.2 i386 -libllvm8 1:8-3~ubuntu18.04.1 amd64 -libllvm8 1:8-3~ubuntu18.04.1 i386 +libllvm8 1:8-3~ubuntu18.04.2 amd64 +libllvm8 1:8-3~ubuntu18.04.2 i386 -liblvm2app2.2 2.02.176-4.1ubuntu3.18.04.1 amd64 -liblvm2cmd2.02 2.02.176-4.1ubuntu3.18.04.1 amd64 +liblvm2app2.2 2.02.176-4.1ubuntu3.18.04.2 amd64 +liblvm2cmd2.02 2.02.176-4.1ubuntu3.18.04.2 amd64 -libmariadb3 1:10.3.20+maria~bionic amd64 +libmariadb3 1:10.3.21+maria~bionic amd64 -libmysqlclient18 1:10.3.20+maria~bionic amd64 +libmysqlclient18 1:10.3.21+maria~bionic amd64 -libnautilus-extension1a 1:3.26.4-0~ubuntu18.04.4 amd64 +libnautilus-extension1a 1:3.26.4-0~ubuntu18.04.5 amd64 -libnss3 2:3.35-2ubuntu2.6 amd64 -libnss3 2:3.35-2ubuntu2.6 i386 +libnss3 2:3.35-2ubuntu2.7 amd64 +libnss3 2:3.35-2ubuntu2.7 i386 -libpython2.7 2.7.15-4ubuntu4~18.04.2 amd64 -libpython2.7-dev 2.7.15-4ubuntu4~18.04.2 amd64 -libpython2.7-minimal 2.7.15-4ubuntu4~18.04.2 amd64 -libpython2.7-stdlib 2.7.15-4ubuntu4~18.04.2 amd64 +libpython2.7 2.7.17-1~18.04 amd64 +libpython2.7-dev 2.7.17-1~18.04 amd64 +libpython2.7-minimal 2.7.17-1~18.04 amd64 +libpython2.7-stdlib 2.7.17-1~18.04 amd64 -libsdl-image1.2 1.2.12-8 amd64 -libsdl-image1.2 1.2.12-8 i386 +libsdl-image1.2 1.2.12-8ubuntu0.1 amd64 +libsdl-image1.2 1.2.12-8ubuntu0.1 i386 -libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 -libsnapd-glib1 1.49-0ubuntu0.18.04.0 amd64 +libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 +libsnapd-glib1 1.49-0ubuntu0.18.04.1 amd64 -libss2 1.44.1-1ubuntu1.2 amd64 +libss2 1.44.1-1ubuntu1.3 amd64 -libwayland-egl1-mesa 19.0.8-0ubuntu0~18.04.3 amd64 -libwayland-egl1-mesa 19.0.8-0ubuntu0~18.04.3 i386 +libwayland-egl1-mesa 19.2.1-1ubuntu1~18.04.1 amd64 +libwayland-egl1-mesa 19.2.1-1ubuntu1~18.04.1 i386 -libwbclient0 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 +libwbclient0 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 -linux-firmware 1.173.13 all +linux-firmware 1.173.14 all -linux-libc-dev 4.15.0-72.81 amd64 +linux-libc-dev 4.15.0-74.84 amd64 -lvm2 2.02.176-4.1ubuntu3.18.04.1 amd64 +lvm2 2.02.176-4.1ubuntu3.18.04.2 amd64 -mariadb-client-10.3 1:10.3.20+maria~bionic amd64 -mariadb-client-core-10.3 1:10.3.20+maria~bionic amd64 -mariadb-common 1:10.3.20+maria~bionic all -mariadb-server 1:10.3.20+maria~bionic all -mariadb-server-10.3 1:10.3.20+maria~bionic amd64 -mariadb-server-core-10.3 1:10.3.20+maria~bionic amd64 +mariadb-client-10.3 1:10.3.21+maria~bionic amd64 +mariadb-client-core-10.3 1:10.3.21+maria~bionic amd64 +mariadb-common 1:10.3.21+maria~bionic all +mariadb-server 1:10.3.21+maria~bionic all +mariadb-server-10.3 1:10.3.21+maria~bionic amd64 +mariadb-server-core-10.3 1:10.3.21+maria~bionic amd64 -mint-upgrade-info 1.1.4 all +mint-upgrade-info 1.1.5 all -mysql-common 1:10.3.20+maria~bionic all +mysql-common 1:10.3.21+maria~bionic all -nautilus-data 1:3.26.4-0~ubuntu18.04.4 all +nautilus-data 1:3.26.4-0~ubuntu18.04.5 all -ndiswrapper 1.60-6ubuntu0.1 amd64 -ndiswrapper-dkms 1.60-6ubuntu0.1 all +ndiswrapper 1.60-6ubuntu0.2 amd64 +ndiswrapper-dkms 1.60-6ubuntu0.2 all -openjdk-11-jre 11.0.4+11-1ubuntu2~18.04.3 amd64 -openjdk-11-jre-headless 11.0.4+11-1ubuntu2~18.04.3 amd64 +openjdk-11-jre 11.0.5+10-0ubuntu1.1~18.04 amd64 +openjdk-11-jre-headless 11.0.5+10-0ubuntu1.1~18.04 amd64 -openjdk-8-jre 8u222-b10-1ubuntu1~18.04.1 amd64 -openjdk-8-jre-headless 8u222-b10-1ubuntu1~18.04.1 amd64 +openjdk-8-jre 8u232-b09-0ubuntu1~18.04.1 amd64 +openjdk-8-jre-headless 8u232-b09-0ubuntu1~18.04.1 amd64 -php7.2 7.2.24-0ubuntu0.18.04.1 all -php7.2-bz2 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-cli 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-common 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-curl 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-fpm 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-gd 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-intl 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-json 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-ldap 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-mbstring 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-mysql 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-opcache 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-readline 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-sqlite3 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-xml 7.2.24-0ubuntu0.18.04.1 amd64 -php7.2-zip 7.2.24-0ubuntu0.18.04.1 amd64 +php7.2 7.2.24-0ubuntu0.18.04.2 all +php7.2-bz2 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-cli 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-common 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-curl 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-fpm 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-gd 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-intl 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-json 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-ldap 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-mbstring 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-mysql 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-opcache 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-readline 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-sqlite3 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-xml 7.2.24-0ubuntu0.18.04.2 amd64 +php7.2-zip 7.2.24-0ubuntu0.18.04.2 amd64 -pix 1.8.2+tara amd64 -pix-data 1.8.2+tara all +pix 2.4.5+tricia amd64 +pix-data 2.4.5+tricia all -python-apt 1.6.4 amd64 -python-apt-common 1.6.4 all -python-aptdaemon 1.1.1+bzr982-0ubuntu19.1 all -python-aptdaemon.gtk3widgets 1.1.1+bzr982-0ubuntu19.1 all +python-apt 1.6.5ubuntu0.2 amd64 +python-apt-common 1.6.5ubuntu0.2 all +python-aptdaemon 1.1.1+bzr982-0ubuntu19.2 all +python-aptdaemon.gtk3widgets 1.1.1+bzr982-0ubuntu19.2 all -python-gdbm 2.7.16-2~18.04 amd64 +python-gdbm 2.7.17-1~18.04 amd64 -python-samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 +python-samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 -python2.7 2.7.15-4ubuntu4~18.04.2 amd64 -python2.7-dev 2.7.15-4ubuntu4~18.04.2 amd64 -python2.7-minimal 2.7.15-4ubuntu4~18.04.2 amd64 +python2.7 2.7.17-1~18.04 amd64 +python2.7-dev 2.7.17-1~18.04 amd64 +python2.7-minimal 2.7.17-1~18.04 amd64 -python3-apt 1.6.4 amd64 -python3-aptdaemon 1.1.1+bzr982-0ubuntu19.1 all -python3-aptdaemon.gtk3widgets 1.1.1+bzr982-0ubuntu19.1 all +python3-apt 1.6.5ubuntu0.2 amd64 +python3-aptdaemon 1.1.1+bzr982-0ubuntu19.2 all +python3-aptdaemon.gtk3widgets 1.1.1+bzr982-0ubuntu19.2 all -samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 -samba-common 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 all -samba-common-bin 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 -samba-dsdb-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 -samba-libs 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 -samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 amd64 +samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 +samba-common 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 all +samba-common-bin 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 +samba-dsdb-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 +samba-libs 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 +samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 amd64 -spamassassin 3.4.2-0ubuntu0.18.04.1 all +spamassassin 3.4.2-0ubuntu0.18.04.2 all -thunderbird 1:68.2.2+build1-0ubuntu0.18.04.1 amd64 -thunderbird-gnome-support 1:68.2.2+build1-0ubuntu0.18.04.1 amd64 -thunderbird-locale-en 1:68.2.2+build1-0ubuntu0.18.04.1 amd64 -thunderbird-locale-en-us 1:68.2.2+build1-0ubuntu0.18.04.1 all +thunderbird 1:68.4.1+build1-0ubuntu0.18.04.1 amd64 +thunderbird-gnome-support 1:68.4.1+build1-0ubuntu0.18.04.1 amd64 +thunderbird-locale-en 1:68.4.1+build1-0ubuntu0.18.04.1 amd64 +thunderbird-locale-en-us 1:68.4.1+build1-0ubuntu0.18.04.1 all -ubuntu-drivers-common 1:0.5.2.4 amd64 +ubuntu-drivers-common 1:0.5.2.5 amd64 --- diff --git a/java-11-openjdk/jfr/default.jfc b/java-11-openjdk/jfr/default.jfc index 6164a4e1..04e02e93 100644 --- a/java-11-openjdk/jfr/default.jfc +++ b/java-11-openjdk/jfr/default.jfc @@ -588,6 +588,26 @@ 20 ms + + false + true + + + + false + true + + + + false + true + + + + false + true + + false true diff --git a/java-11-openjdk/jfr/profile.jfc b/java-11-openjdk/jfr/profile.jfc index 267064ad..fec835f1 100644 --- a/java-11-openjdk/jfr/profile.jfc +++ b/java-11-openjdk/jfr/profile.jfc @@ -588,6 +588,26 @@ 10 ms + + false + true + + + + false + true + + + + false + true + + + + false + true + + false true diff --git a/java-11-openjdk/security/java.security b/java-11-openjdk/security/java.security index c6a2c2e9..0c87fe11 100644 --- a/java-11-openjdk/security/java.security +++ b/java-11-openjdk/security/java.security @@ -1064,6 +1064,24 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep # #jdk.includeInExceptions=hostInfo +# +# Disabled mechanisms for the Simple Authentication and Security Layer (SASL) +# +# Disabled mechanisms will not be negotiated by both SASL clients and servers. +# These mechanisms will be ignored if they are specified in the "mechanisms" +# argument of "Sasl.createSaslClient" or the "mechanism" argument of +# "Sasl.createSaslServer". +# +# The value of this property is a comma-separated list of SASL mechanisms. +# The mechanisms are case-sensitive. Whitespaces around the commas are ignored. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# +# Example: +# jdk.sasl.disabledMechanisms=PLAIN, CRAM-MD5, DIGEST-MD5 +jdk.sasl.disabledMechanisms= + # # Policies for distrusting Certificate Authorities (CAs). # @@ -1094,3 +1112,51 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep # jdk.security.caDistrustPolicies=SYMANTEC_TLS +# +# FilePermission path canonicalization +# +# This security property dictates how the path argument is processed and stored +# while constructing a FilePermission object. If the value is set to true, the +# path argument is canonicalized and FilePermission methods (such as implies, +# equals, and hashCode) are implemented based on this canonicalized result. +# Otherwise, the path argument is not canonicalized and FilePermission methods are +# implemented based on the original input. See the implementation note of the +# FilePermission class for more details. +# +# If a system property of the same name is also specified, it supersedes the +# security property value defined here. +# +# The default value for this property is false. +# +jdk.io.permissionsUseCanonicalPath=false + + +# +# Policies for the proxy_impersonator Kerberos ccache configuration entry +# +# The proxy_impersonator ccache configuration entry indicates that the ccache +# is a synthetic delegated credential for use with S4U2Proxy by an intermediate +# server. The ccache file should also contain the TGT of this server and +# an evidence ticket from the default principal of the ccache to this server. +# +# This security property determines how Java uses this configuration entry. +# There are 3 possible values: +# +# no-impersonate - Ignore this configuration entry, and always act as +# the owner of the TGT (if it exists). +# +# try-impersonate - Try impersonation when this configuration entry exists. +# If no matching TGT or evidence ticket is found, +# fallback to no-impersonate. +# +# always-impersonate - Always impersonate when this configuration entry exists. +# If no matching TGT or evidence ticket is found, +# no initial credential is read from the ccache. +# +# The default value is "always-impersonate". +# +# If a system property of the same name is also specified, it supersedes the +# security property value defined here. +# +#jdk.security.krb5.default.initiate.credential=always-impersonate + diff --git a/java-8-openjdk/security/java.policy b/java-8-openjdk/security/java.policy index 769333c4..ce437f10 100644 --- a/java-8-openjdk/security/java.policy +++ b/java-8-openjdk/security/java.policy @@ -95,5 +95,7 @@ grant { permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; + + permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read"; }; diff --git a/java-8-openjdk/security/java.security b/java-8-openjdk/security/java.security index 718f819a..de4e8f89 100644 --- a/java-8-openjdk/security/java.security +++ b/java-8-openjdk/security/java.security @@ -1012,3 +1012,32 @@ jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ # if this property is not enabled. # jdk.security.caDistrustPolicies=SYMANTEC_TLS + +# +# Policies for the proxy_impersonator Kerberos ccache configuration entry +# +# The proxy_impersonator ccache configuration entry indicates that the ccache +# is a synthetic delegated credential for use with S4U2Proxy by an intermediate +# server. The ccache file should also contain the TGT of this server and +# an evidence ticket from the default principal of the ccache to this server. +# +# This security property determines how Java uses this configuration entry. +# There are 3 possible values: +# +# no-impersonate - Ignore this configuration entry, and always act as +# the owner of the TGT (if it exists). +# +# try-impersonate - Try impersonation when this configuration entry exists. +# If no matching TGT or evidence ticket is found, +# fallback to no-impersonate. +# +# always-impersonate - Always impersonate when this configuration entry exists. +# If no matching TGT or evidence ticket is found, +# no initial credential is read from the ccache. +# +# The default value is "always-impersonate". +# +# If a system property of the same name is also specified, it supersedes the +# security property value defined here. +# +#jdk.security.krb5.default.initiate.credential=always-impersonate