code review request: 6969292: make DNS lookup for realm/kdc really work

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Fri Jul 16 15:06:19 PDT 2010


Looks fine except the following minor nit:
- Why not return realm on line 1224 after a match is found? Doesn't seem 
necessary to continue w/ the whole for-loop.

Thanks,
Valerie

On 07/15/10 23:23, Weijun Wang wrote:
> Updated webrev:
>
> http://cr.openjdk.java.net/~weijun/6969292/webrev.01/
>
> Changes:
>
> checkRealm() returns null instead of throwing an exception. (Thanks,
> Alan).
>
> Thanks
> Max
>
>
> On 07/15/2010 02:12 PM, Weijun Wang wrote:
>> Hi Valerie
>>
>> 6969292: make DNS lookup for realm/kdc really work
>>
>> Webrev:
>> http://cr.openjdk.java.net/~weijun/6969292/webrev.00/
>>
>> We've implemented DNS lookup for realm and kdc for some time, and have
>> made it default turned on in JDK 7. However, it's still not 100%
>> zero-configuration, a krb5.conf is needed to map hostname to realm.
>>
>> This fix iterates thru ResolverConfiguration.open().searchlist() which
>> includes "search" or "domain" values in /etc/resolv.conf. The file
>> normally always exists on a linux/unix system. It would be nice to
>> directly get the "domain" name, but there's no public method to retrieve
>> it.
>>
>> Maybe this trick should be performed at JNDI/DNS level, where a one-word
>> query item be automatically appended with elements in srchlist. However,
>> JNDI is quite stable and I don't want to touch it.
>>
>> Vinnie, any comment?
>>
>> I've tried this on brand new solaris-i586 and linux-x64 (VM) systems
>> (inside the SunWAN) with no krb5.conf and it works fine.
>>
>> I also fix a small error, "_udp." -> "_udp", because the dot is added
>> again in the getKerberosService(*,*) method. Several debug lines are 
>> added.
>>
>> Thanks
>> Max
>>
>>
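
The search-list approach described in the quoted mail, as an added example that is not part of the original thread and is not the JDK's code. It assumes the common convention that a `_kerberos.<domain>` TXT record names the realm and a `_kerberos._udp.<REALM>` SRV record locates the KDC; the class name, method names, sample resolv.conf content and the stand-in TXT table are all hypothetical and constructed so it runs offline.

```java
import java.util.*;
import java.util.function.Function;

public class RealmFromSearchList {
    // Constructed /etc/resolv.conf content for this example.
    static final String RESOLV_CONF =
        "# constructed sample\n"
      + "nameserver 192.0.2.53\n"
      + "search lab.example.com example.com\n";

    // Constructed stand-in for DNS TXT answers, so no network is needed.
    static final Map<String, String> FAKE_TXT =
        Map.of("_kerberos.example.com", "EXAMPLE.COM");

    // "domain" and "search" are alternatives in resolv.conf; the last one seen wins.
    static List<String> searchList(String conf) {
        List<String> list = new ArrayList<>();
        for (String line : conf.split("\n")) {
            String[] tok = line.trim().split("\\s+");
            if (tok.length < 2) continue;
            boolean domain = tok[0].equals("domain");
            if (domain || tok[0].equals("search")) {
                int end = domain ? 2 : tok.length;   // "domain" takes one name only
                list = new ArrayList<>(Arrays.asList(tok).subList(1, end));
            }
        }
        return list;
    }

    // Join prefix and domain with exactly one dot, whether or not the prefix
    // already ends in one (the "_udp." versus "_udp" slip mentioned in the mail).
    static String dnsName(String prefix, String domain) {
        String p = prefix.endsWith(".") ? prefix.substring(0, prefix.length() - 1) : prefix;
        return p + "." + domain;
    }

    // Try each search domain in order and stop at the first that yields a realm.
    static String realmFor(List<String> search, Function<String, String> txtLookup) {
        for (String domain : search) {
            String realm = txtLookup.apply(dnsName("_kerberos", domain));
            if (realm != null) return realm;   // first match wins, no further queries
        }
        return null;                           // no match: null rather than an exception
    }

    public static void main(String[] args) {
        List<String> search = searchList(RESOLV_CONF);
        String realm = realmFor(search, FAKE_TXT::get);
        System.out.println("search list: " + search);
        System.out.println("realm: " + realm);
        if (realm != null)
            System.out.println("KDC SRV query: " + dnsName("_kerberos._udp.", realm));
    }
}
```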



