code review request: 6960894: Better AS-REQ creation and processing
Weijun Wang
Weijun.Wang at Sun.COM
Sun Jun 13 15:02:18 UTC 2010
Hi Valerie and Andrew
Please review the following webrev:
http://cr.openjdk.java.net/~weijun/6960894/webrev.00
The major enhancement is KrbAsReqBuilder which generates AS-REQ, sends it, parses any response, and returns a Credentials object. The other big change is KrbKdcReq, it's no longer base class for KrbAsReq and KrbTgsReq, but mainly a vehicle for both kinds of KDC-REQ messages. Maybe it needs a name change?
Most other changes are about removing duplicate lines.
Thanks
Max
Begin forwarded message:
> *Change Request ID*: 6960894
> *Synopsis*: Better AS-REQ creation and processing
>
> === *Description* ============================================================
> The current AS-REQ creation and processing implementation:
>
> 1. spread into multiple source files and have duplicate codes
> 2. cannot deal with PA-DATA in AS-REP
> 3. only use a single salt, and write it into PrincipalName permanently
> 4. generate too many secret keys and have no consistent way to clear them
> 5. does not handle the preferences of PA-ETYPE-INFO2, PA-ETYPE-INFO correctly
More information about the security-dev
mailing list