Core review request: 8001104: Unbound SASL service: the GSSAPI/krb5 mech

Weijun Wang weijun.wang at oracle.com
Fri Jan 25 07:08:45 UTC 2013


Hi All

Please review this code change

   webrev: http://cr.openjdk.java.net/~weijun/8001104/webrev.01/
   bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8001104

This is the final part of unbound kerberos server, now on all three 
layers of using kerberos you don't need to specify a server name, i.e.

In SASL:

    Sasl.createServer("GSSAPI", "protocol", null, ...)

In JGSS:

    gssManager.createContext(null) or
    gssManager.createCredential(null, ...)

And in JAAS login config file

    server {
       com.sun.security.auth.module.Krb5LoginModule required
       principal=* useKeyTab=true;
    };

Thanks
Max



More information about the security-dev mailing list