code review request: 6969292: make DNS lookup for realm/kdc really work

Weijun Wang Weijun.Wang at Sun.COM
Thu Jul 15 23:23:11 PDT 2010

Updated webrev:


checkRealm() return null instead of throwing an exception. (Thanks, Alan).


On 07/15/2010 02:12 PM, Weijun Wang wrote:
> Hi Valerie
> 6969292: make DNS lookup for realm/kdc really work
> Webrev:
> We've implemented DNS lookup for realm and kdc for some time, and have
> made it default turned on in JDK 7. However, it's still not 100%
> zero-configuration, a krb5.conf is needed to map hostname to realm.
> This fix iterates thru which
> includes "search" or "domain" values in /etc/resolv.conf. The file
> normally always exists on a linux/unix system. It would be nice to
> directly get the "domain" name, but there's no public method to retrieve
> it.
> Maybe this trick should be performed at JNDI/DNS level, where a one-word
> query item be automatically appended with elements in srchlist. However,
> JNDI is quite stable and I don't want to touch it.
> Vinnie, any comment?
> I've tried this on brand new solaris-i586 and linux-x64 (VM) systems
> (inside the SunWAN) with no krb5.conf and it works fine.
> I also fix a small error, "_udp." -> "_udp", because the dot is added
> again in the getKerberosService(*,*) method. Several debug lines are added.
> Thanks
> Max

More information about the security-dev mailing list