Code review request: 7043737: klist does not detect non-existing keytab
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Thu May 12 21:05:37 UTC 2011
The changes look fine.
(I suppose you'll integrate this into the next 7u since this isn't a
showstopper. But still want to finish the review now so I don't forget
it later.)
Valerie
On 05/11/11 00:35, Weijun Wang wrote:
> Hi Valerie
>
> http://cr.openjdk.java.net/~weijun/7043737/webrev.00/
>
> Not only a missing keytab is detected, but also an invalid one, where
> I use a similar error message like the native klist:
>
> $ klist -k ASSEMBLY_EXCEPTION
> Keytab name: WRFILE:ASSEMBLY_EXCEPTION
> klist: Unsupported key table format version number while starting
> keytab scan
>
> I'll ask for JDK 7 approval for this bug.
>
> Thanks
> Max
>
>
> -------- Original Message --------
> *Change Request ID*: 7043737
> *Synopsis*: klist does not detect non-existing keytab
>
> === *Description*
> ============================================================
> Since "6894072: always refresh keytab", we support "dynamic" keytabs
> which means a keytab file can change during the execution of a
> program, this even includes accepting a non-existing keytab at the
> beginning and read it when it appears at a later time.
>
> On the other hand, the klist tool is used to list the current content
> of a static keytab file. When the file does not exist, we should warn
> the user. This behavior is also consistent with klist from other vendors.
>
More information about the security-dev
mailing list