code review request: 6969292: make DNS lookup for realm/kdc really work

Weijun Wang Weijun.Wang at Sun.COM
Thu Jul 15 06:12:43 UTC 2010


Hi Valerie

6969292: make DNS lookup for realm/kdc really work

Webrev:
   http://cr.openjdk.java.net/~weijun/6969292/webrev.00/

We've implemented DNS lookup for realm and KDC for some time, and have
turned it on by default in JDK 7. However, it's still not 100%
zero-configuration: a krb5.conf is needed to map hostname to realm.

This fix iterates through ResolverConfiguration.open().searchlist() which
includes "search" or "domain" values in /etc/resolv.conf. The file
normally always exists on a Linux/Unix system. It would be nice to
directly get the "domain" name, but there's no public method to retrieve it.

Maybe this trick should be performed at JNDI/DNS level, where a one-word
query item would be automatically appended with elements in srchlist. However,
JNDI is quite stable and I don't want to touch it.

Vinnie, any comment?

I've tried this on brand new solaris-i586 and linux-x64 (VM) systems 
(inside the SunWAN) with no krb5.conf and it works fine.

I also fixed a small error, "_udp." -> "_udp", because the dot is added
again in the getKerberosService(*,*) method. Several debug lines are added.

Thanks
Max
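
The search-list approach described in the message above, as an added example that is not code from the webrev or the JDK: it parses a constructed resolv.conf and builds the DNS names a realm/KDC lookup would query, including the doubled dot that "_udp." produces. The class and method names are hypothetical, and the `_kerberos.<domain>` TXT and `_kerberos._udp.<REALM>` SRV name forms are assumed from the usual Kerberos DNS convention.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class KrbDnsNames {
    // Constructed sample of /etc/resolv.conf content (not from the original post).
    static final String SAMPLE = String.join("\n",
        "nameserver 192.0.2.53",
        "domain example.com",
        "search eng.example.com example.com");

    // resolv.conf semantics: "domain" and "search" are mutually exclusive,
    // and whichever appears last in the file wins.
    static List<String> searchList(String resolvConf) {
        List<String> result = new ArrayList<>();
        for (String line : resolvConf.split("\n")) {
            String[] f = line.trim().split("\\s+");
            if (f.length < 2) continue;           // blank or malformed line
            if (f[0].equals("domain")) {
                result = new ArrayList<>(List.of(f[1]));
            } else if (f[0].equals("search")) {
                result = new ArrayList<>(Arrays.asList(f).subList(1, f.length));
            }
        }
        return result;
    }

    // TXT names to try for the realm, one per search-list entry, in order.
    static List<String> realmTxtNames(List<String> domains) {
        List<String> names = new ArrayList<>();
        for (String d : domains) names.add("_kerberos." + d);
        return names;
    }

    // SRV name for the KDC. This helper adds the separating dot itself, so
    // the protocol label must be passed as "_udp"; "_udp." yields an empty label.
    static String kdcSrvName(String realm, String proto) {
        return "_kerberos." + proto + "." + realm;
    }

    public static void main(String[] args) {
        List<String> domains = searchList(SAMPLE);
        System.out.println("search list:        " + domains);
        System.out.println("realm TXT queries:  " + realmTxtNames(domains));
        System.out.println("KDC SRV with _udp:  " + kdcSrvName("EXAMPLE.COM", "_udp"));
        System.out.println("KDC SRV with _udp.: " + kdcSrvName("EXAMPLE.COM", "_udp."));
    }
}
```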
