code review request: 6969292: make DNS lookup for realm/kdc really work

Weijun Wang Weijun.Wang at Sun.COM
Fri Jul 16 06:23:11 UTC 2010


Updated webrev:

http://cr.openjdk.java.net/~weijun/6969292/webrev.01/

Changes:

checkRealm() return null instead of throwing an exception. (Thanks, Alan).

Thanks
Max


On 07/15/2010 02:12 PM, Weijun Wang wrote:
> Hi Valerie
>
> 6969292: make DNS lookup for realm/kdc really work
>
> Webrev:
> http://cr.openjdk.java.net/~weijun/6969292/webrev.00/
>
> We've implemented DNS lookup for realm and kdc for some time, and have
> made it default turned on in JDK 7. However, it's still not 100%
> zero-configuration, a krb5.conf is needed to map hostname to realm.
>
> This fix iterates thru ResolverConfiguration.open().searchlist() which
> includes "search" or "domain" values in /etc/resolv.conf. The file
> normally always exists on a linux/unix system. It would be nice to
> directly get the "domain" name, but there's no public method to retrieve
> it.
>
> Maybe this trick should be performed at JNDI/DNS level, where a one-word
> query item be automatically appended with elements in srchlist. However,
> JNDI is quite stable and I don't want to touch it.
>
> Vinnie, any comment?
>
> I've tried this on brand new solaris-i586 and linux-x64 (VM) systems
> (inside the SunWAN) with no krb5.conf and it works fine.
>
> I also fix a small error, "_udp." -> "_udp", because the dot is added
> again in the getKerberosService(*,*) method. Several debug lines are added.
>
> Thanks
> Max
>
>



More information about the security-dev mailing list