code review request: 6894072: always refresh keytab
Weijun Wang
weijun.wang at oracle.com
Wed Dec 1 09:46:02 UTC 2010
Hi Valerie
The webrev is at --
http://cr.openjdk.java.net/~weijun/6894072/webrev.00/
Changes:
1. New javax..KeyTab, updated sun..KeyTab. As the impl note in
javax..KeyTab says: the former is a name with dynamic content, the
latter is a snapshot of a file.
2. Now Subject can have private credentials with type KeyTab. Thus the
content of Krb5AcceptCredential is not only keys. Krb5Util defines an
expandable ServiceCreds class for this purpose.
3. KrbAsReqBuilder was constructed with password or keys, now with
password or keytab. Kinit and Krb5LoginModule updated accordingly.
4. Having parallel defined KerberosKey/KerberosPrincipal and
EncrytionKey/PrincipalName is complicated. Special Unsafe methods are
defined to get EncryptionKey thru a PrincipalName from new
javax..KeyTab. Might look into consolidate data types some day.
Thanks
Max
-------- The Bug --------
*Change Request ID*: 6894072
*Synopsis*: always refresh keytab
Product: java
Category: jgss
Subcategory: krb5plugin
Type: RFE
=== *Description* ======================================
info from keytab should be refreshed at every security context
establishment in Kerberos.
More information about the security-dev
mailing list