Code review request: 7043737: klist does not detect non-existing keytab
Weijun Wang
weijun.wang at oracle.com
Wed May 11 00:35:11 PDT 2011
Hi Valerie
http://cr.openjdk.java.net/~weijun/7043737/webrev.00/
Not only a missing keytab is detected, but also an invalid one, where I
use a similar error message like the native klist:
$ klist -k ASSEMBLY_EXCEPTION
Keytab name: WRFILE:ASSEMBLY_EXCEPTION
klist: Unsupported key table format version number while starting keytab
scan
I'll ask for JDK 7 approval for this bug.
Thanks
Max
-------- Original Message --------
*Change Request ID*: 7043737
*Synopsis*: klist does not detect non-existing keytab
=== *Description*
============================================================
Since "6894072: always refresh keytab", we support "dynamic" keytabs
which means a keytab file can change during the execution of a program,
this even includes accepting a non-existing keytab at the beginning and
read it when it appears at a later time.
On the other hand, the klist tool is used to list the current content of
a static keytab file. When the file does not exist, we should warn the
user. This behavior is also consistent with klist from other vendors.
More information about the security-dev
mailing list