[security-dev 00820]: krb5 config searches for values in a strange way

Weijun Wang Weijun.Wang at Sun.COM
Tue May 19 04:42:22 UTC 2009


Hi All

Config.java in the sun/security/krb5 package searches for a key-entry
pair in a strange style:

1. If you call Config.getDefault("x"), this "x" can appear at any place,
in [libdefaults], in [capaths], or inside a REALM sub section of [realms].

2. If you call Config.getDefault("x", "y"), in getDefault("forwardable",
"lib_defaults") "lib_defaults" is a top section, and in
getDefault("kdc", "THIS.REALM"), "THIS.REALM" is a sub-section in [realms].

This is just too flexible, and I don't believe we support looking for
kdc for a realm in the [capaths] section.

I'd like to create a new method called "getValue(String... keys)" which
simply drills into the config step by step. This means the kdc for a
realm should be 'getValue("realms", "REALM.NAME", "kdc")'.

Also, I would like to remove the special treatment of "realms" and
"capaths" in the parseStanzaTable(*) method. I think Config should
simply accept any section and key names.

Case might be a problem; I'll see in which cases toLowerCase() or
equalsIgnoreCase() can be called.

What are your opinions?

Thanks
Max
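
The two lookup styles discussed in this message, side by side, as an added example that is not part of the original post and is not the JDK's Config.java. The class name, the small parser, findAnywhere and the sample realms are assumptions made for illustration; getValue follows only the signature proposed above. The parser keeps a single value per key, so repeated keys such as multiple kdc lines are not modelled.

```java
import java.util.*;
public class Krb5LookupDemo { // added illustration, hypothetical names; not sun.security.krb5.Config
    static final String CONF = String.join("\n",  // constructed sample configuration
        "[libdefaults]", "default_realm = A.EXAMPLE", "[realms]",
        "A.EXAMPLE = {", "kdc = kdc.a.example", "}", "B.EXAMPLE = {", "kdc = kdc.b.example", "}",
        "[capaths]", "A.EXAMPLE = {", "B.EXAMPLE = .", "}");
    // Parse into nested maps: section -> key -> String, or -> Map for a sub-section.
    static Map<String, Object> parse(String text) {
        Map<String, Object> root = new LinkedHashMap<>();
        Deque<Map<String, Object>> stack = new ArrayDeque<>();
        for (String raw : text.split("\n")) {
            String line = raw.trim();
            int eq = line.indexOf('=');
            if (line.startsWith("[") && line.endsWith("]")) {
                stack.clear();
                stack.push(new LinkedHashMap<>());
                root.put(line.substring(1, line.length() - 1), stack.peek());
            } else if (line.equals("}") && stack.size() > 1) {
                stack.pop();
            } else if (eq > 0 && !stack.isEmpty()) {
                String k = line.substring(0, eq).trim(), v = line.substring(eq + 1).trim();
                Map<String, Object> sub = new LinkedHashMap<>();
                stack.peek().put(k, v.equals("{") ? sub : v);
                if (v.equals("{")) stack.push(sub);
            }
        }
        return root;
    }
    // Loose style described in the post: first entry with this key name, in any section.
    static String findAnywhere(Map<?, ?> m, String key) {
        for (Map.Entry<?, ?> e : m.entrySet()) {
            String hit = e.getValue() instanceof Map ? findAnywhere((Map<?, ?>) e.getValue(), key)
                       : key.equals(e.getKey()) ? (String) e.getValue() : null;
            if (hit != null) return hit;
        }
        return null;
    }
    // Proposed style: follow the exact path, one nesting level per argument.
    static String getValue(Map<String, Object> root, String... keys) {
        Object cur = root;
        for (String k : keys) cur = cur instanceof Map ? ((Map<?, ?>) cur).get(k) : null;
        return cur instanceof String ? (String) cur : null;
    }
    public static void main(String[] args) {
        Map<String, Object> c = parse(CONF);
        System.out.printf("%s%n%s%n%s%n", findAnywhere(c, "kdc"),
            getValue(c, "realms", "B.EXAMPLE", "kdc"), getValue(c, "capaths", "B.EXAMPLE", "kdc"));
    }
}
```

The loose search returns whichever kdc entry it meets first, regardless of the realm the caller has in mind, while the path lookup returns the value only when every level of the path matches.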


