Kerberos codes in Apple's Java

Weijun Wang weijun.wang at oracle.com
Fri Oct 14 18:55:01 PDT 2011


On Oct 14, 2011, at 5:50 PM, Bino George <bino at apple.com> wrote:

> Hi Max,
> 
>> 1. Looking for krb5.conf at /Library/Preferences/edu.mit.Kerberos
> 
> I filed http://java.net/jira/browse/MACOSX_PORT-566 which tracks this feature. This should be fairly straight forward to port it from JDK6. We fixed JDK6 in Lion to also read the Kerberos config from SCDynamicStore as /Library/Preferences/edu.mit.Kerberos is not maintained in Lion.

Good.

> 
>> 2. Reading native memory-based credentials cache into Credentials objects
> 
> I don't think we do this in JDK6 either. 

Oh, I thought OS X's kinit does not generate a /tmp/krb5cc_name file. Isn't the ccache memory-based? Or, it's stored at somewhere else?

Thanks
Max


> 
> Regards
> Bino.
> 
> 
> 
> On Oct 14, 2011, at 10:38 AM, Weijun Wang wrote:
> 
>> Hi Mike
>> 
>> I'm working in the Java SE Security Team in Oracle. Apple's JRE (at least in the JDK 6 releases) supports some extra Kerberos features for OS X. As I know, at least there are:
>> 
>> 1. Looking for krb5.conf at /Library/Preferences/edu.mit.Kerberos
>> 2. Reading native memory-based credentials cache into Credentials objects
>> 
>> I didn't see them on the Project Status page [1]. Is it because they are too trivial to be listed or you're not going to support them?
>> 
>> Thanks
>> Max
>> 
>> [1] http://wikis.sun.com/display/OpenJDK/Mac+OS+X+Port+Project+Status
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20111014/885c8c1d/attachment.html 


More information about the security-dev mailing list