code review request: 6969292: make DNS lookup for realm/kdc really work

Weijun Wang Weijun.Wang at Sun.COM
Wed Jul 14 23:12:43 PDT 2010


Hi Valerie

6969292: make DNS lookup for realm/kdc really work

Webrev:
   http://cr.openjdk.java.net/~weijun/6969292/webrev.00/

We've implemented DNS lookup for realm and kdc for some time, and have
made it default turned on in JDK 7. However, it's still not 100%
zero-configuration, a krb5.conf is needed to map hostname to realm.

This fix iterates thru ResolverConfiguration.open().searchlist() which 
includes "search" or "domain" values in /etc/resolv.conf. The file 
normally always exists on a linux/unix system. It would be nice to 
directly get the "domain" name, but there's no public method to retrieve it.

Maybe this trick should be performed at JNDI/DNS level, where a one-word 
query item be automatically appended with elements in srchlist. However, 
JNDI is quite stable and I don't want to touch it.

Vinnie, any comment?

I've tried this on brand new solaris-i586 and linux-x64 (VM) systems 
(inside the SunWAN) with no krb5.conf and it works fine.

I also fix a small error, "_udp." -> "_udp", because the dot is added 
again in the getKerberosService(*,*) method. Several debug lines are added.

Thanks
Max





More information about the security-dev mailing list