Code review request: 7043737: klist does not detect non-existing keytab

Weijun Wang weijun.wang at oracle.com
Thu May 12 22:59:19 UTC 2011



On May 13, 2011, at 5:05 AM, "Valerie (Yu-Ching) Peng" <valerie.peng at oracle.com> wrote:

> The changes look fine.
> (I suppose you'll integrate this into the next 7u since this isn't a showstopper. But still want to finish the review now so I don't forget it later.)

Correct.

Thanks
Max

> Valerie
> 
> On 05/11/11 00:35, Weijun Wang wrote:
>> Hi Valerie
>> 
>> http://cr.openjdk.java.net/~weijun/7043737/webrev.00/
>> 
>> Not only a missing keytab is detected, but also an invalid one, where I use a similar error message like the native klist:
>> 
>> $ klist -k ASSEMBLY_EXCEPTION
>> Keytab name: WRFILE:ASSEMBLY_EXCEPTION
>> klist: Unsupported key table format version number while starting keytab scan
>> 
>> I'll ask for JDK 7 approval for this bug.
>> 
>> Thanks
>> Max
>> 
>> 
>> -------- Original Message --------
>> *Change Request ID*: 7043737
>> *Synopsis*: klist does not detect non-existing keytab
>> 
>> === *Description* ============================================================
>> Since "6894072: always refresh keytab", we support "dynamic" keytabs which means a keytab file can change during the execution of a program, this even includes accepting a non-existing keytab at the beginning and read it when it appears at a later time.
>> 
>> On the other hand, the klist tool is used to list the current content of a static keytab file. When the file does not exist, we should warn the user. This behavior is also consistent with klist from other vendors.
>> 
> 



More information about the security-dev mailing list