code review request: 7076415: sun/security/krb5/runNameEquals.sh failed on sles 10
Weijun Wang
weijun.wang at oracle.com
Wed Aug 10 11:30:03 UTC 2011
On 08/10/2011 07:24 PM, Xuelei Fan wrote:
> Is it necessary to enable debug log in runNameEquals.sh?
Not really, I will remove it.
Thanks
Max
>
> Otherwise, looks fine to me.
>
> Xuelei
>
> On 8/10/2011 6:00 PM, Weijun Wang wrote:
>> Hi Valerie/Xuelei
>>
>> Webrev at http://cr.openjdk.java.net/~weijun/7076415/webrev.00/
>>
>> The test fails when running the native JGSS provider on a sles (SUSE
>> Linux Enterprise Server) machine throwing:
>>
>> Exception in thread "main" GSSException: Invalid name provided
>> (Mechanism level: Hostname cannot be canonicalized)
>> at sun.security.jgss.wrapper.GSSLibStub.importName(Native Method)
>>
>> I've seen this before but cannot find an old CR for it. The method
>> called is
>>
>> gssManager.createName("service at host",...)
>>
>> This "host" is not the name of a real host. On most systems, either
>> hostname canonicalization is not performed, or there is a fallback
>> mechanism, the method does not report any error and the test succeeds.
>> However, on this sles machine, an exception is thrown.
>>
>> I don't have any control on the native GSS's importName method, so I can
>> only try my best to provide a name it can resolve. The only such name I
>> can think of is "localhost".
>>
>> The test currently uses 2 GSSName, "service at host" and "service at host2".
>> Since I can only find one good hostname, I update it to same host with
>> different service names, i.e. "service at localhost" and
>> "service2 at localhost". Hopefully this still matches the purpose of the
>> test. The original author is Xuelei.
>>
>> I can reproduce the failure on the failed machine, and it succeeds after
>> the code change.
>>
>> Just submitted a JPRT job.
>>
>> Thanks
>> Max
>
More information about the security-dev
mailing list