[security-dev 00820]: krb5 config searches for values in a strange way
Weijun Wang
Weijun.Wang at Sun.COM
Tue May 19 04:42:22 UTC 2009
Hi All
Config.java in the sun/security/krb5 package searches for a key-entry
pair in a strange style:
1. If you call Config.getDefault("x"), this "x" can appear at any place,
in [libdefaults], in [capaths], or inside a REALM sub section of [realms].
2. If you call Config.getDefault("x", "y"), in getDefault("forwardable",
"lib_defaults") "lib_defaults" is a top section, and in
getDefaults("kdc", "THIS.REALM"), "THIS.REALM" is a sub-section in [realms].
This is just too flexible, and I don't believe we support looking for
kdc for a realm in the [capaths] section.
I'd like to create a new method called "getValue(String... keys)" which
simply drills into the config step by step, this means the kdc for a
realm should be 'getValue("realms", "REALM.NAME", "kdc")'.
Also, I would like to remove the special treatments for "realms",
"capaths" in the parseStanzaTable(*) method. I think Config should
simply accept any section and key names.
Case might be a problem, I'll see in which cases toLowerCase() or
equalsIgnoreCase() can be called.
What's your opinions?
Thanks
Max
More information about the security-dev
mailing list