code review request: 6894072: always refresh keytab

Weijun Wang at
Wed Dec 1 01:46:02 PST 2010

Hi Valerie

The webrev is at --


1. New javax..KeyTab, updated sun..KeyTab. As the impl note in 
javax..KeyTab says: the former is a name with dynamic content, the 
latter is a snapshot of a file.

2. Now Subject can have private credentials with type KeyTab. Thus the 
content of Krb5AcceptCredential is not only keys. Krb5Util defines an 
expandable ServiceCreds class for this purpose.

3. KrbAsReqBuilder was constructed with password or keys, now with 
password or keytab. Kinit and Krb5LoginModule updated accordingly.

4. Having parallel defined KerberosKey/KerberosPrincipal and 
EncrytionKey/PrincipalName is complicated. Special Unsafe methods are 
defined to get EncryptionKey thru a PrincipalName from new 
javax..KeyTab. Might look into consolidate data types some day.


-------- The Bug --------
*Change Request ID*: 6894072
*Synopsis*: always refresh keytab

   Product: java
   Category: jgss
   Subcategory: krb5plugin
   Type: RFE

=== *Description* ======================================
info from keytab should be refreshed at every security context 
establishment in Kerberos.

More information about the security-dev mailing list