RFR 8029995: accept yes/no for boolean krb5.conf settings

Wang Weijun weijun.wang at oracle.com
Fri Apr 4 11:00:27 UTC 2014


Updated webrev at

   http://cr.openjdk.java.net/~weijun/8029995/webrev.01

Several differences:

1. Only true/false/yes/no are supported now.

2. Some words in javax/security/auth/kerberos/package-info.java

3. getBoolean() renamed to getBooleanObject() because it's quite easy to forget the return value is a Boolean (instead of boolean) and could be null.

Thanks
Max

On Jan 29, 2014, at 5:46, Sean Mullan <sean.mullan at oracle.com> wrote:

> On 01/28/2014 03:53 AM, Wang Weijun wrote:
>> Please review the fix at
>> 
>> http://cr.openjdk.java.net/~weijun/8029995/webrev.00/
>> 
>> The supported boolean values in this fix cover what MIT krb5 does and
>> we also added 'f'.
>> 
>> The old getBooleanValue() method returns true for “true” and false
>> otherwise but the new method returns null if the value is not
>> supported. I’ve carefully changed how the method is called to ensure
>> maximum compatibility, but there is still one left:
>> 
>> We support DNS lookup for realm name by default, which means we do it
>> if dns_lookup_realm is not set to false, or when unset, if
>> dns_fallback is not set to false. Before this change, when
>> dns_lookup_realm is set to “unknown”, it means false so DNS lookup is
>> not performed. After this change, it’s equivalent to dns_lookup_realm
>> unset, and dns_fallback is used. I think the current behavior is
>> better than the old one.
> 
> I agree, but since it is a behavior change, it should be specified in the CCC and release notes.
> 
> Fix looks fine otherwise.
> 
> --Sean
> 
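The dns_lookup_realm change discussed in this thread, as an added Java sketch that is not part of the original messages, the webrev, or the JDK source. The class and method names are hypothetical, and the case-insensitive matching and the old handling of dns_fallback are assumptions modelled on the description above.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added illustration of the behavior discussed in the thread; not JDK code.
public class DnsLookupRealmDemo {

    // Old rule from the thread: "true" gives true, everything else false.
    // Case-insensitive matching is an assumption of this sketch.
    static boolean oldParse(String v) {
        return "true".equalsIgnoreCase(v);
    }

    // New rule (webrev.01): only true/false/yes/no; anything else is null.
    static Boolean newParse(String v) {
        if (v == null) return null;
        switch (v.toLowerCase(Locale.ROOT)) {
            case "true": case "yes": return Boolean.TRUE;
            case "false": case "no": return Boolean.FALSE;
            default: return null;
        }
    }

    // Before: a set-but-unrecognized dns_lookup_realm counts as false.
    static boolean lookupBefore(Map<String, String> cfg) {
        String v = cfg.get("dns_lookup_realm");
        if (v != null) return oldParse(v);
        String f = cfg.get("dns_fallback");
        return f == null || oldParse(f);
    }

    // After: an unrecognized value is treated like an unset key,
    // so dns_fallback decides, and DNS lookup stays on by default.
    static boolean lookupAfter(Map<String, String> cfg) {
        Boolean b = newParse(cfg.get("dns_lookup_realm"));
        if (b == null) b = newParse(cfg.get("dns_fallback"));
        return b == null || b;
    }

    public static void main(String[] args) {
        // Constructed sample settings, not taken from a real krb5.conf.
        List<Map<String, String>> samples = List.of(
            Map.of("dns_lookup_realm", "unknown"),
            Map.of("dns_lookup_realm", "unknown", "dns_fallback", "no"),
            Map.of("dns_lookup_realm", "no"),
            Map.of("dns_fallback", "false"),
            Map.of());
        for (Map<String, String> cfg : samples) {
            System.out.printf("%-55s before=%-5b after=%b%n",
                cfg, lookupBefore(cfg), lookupAfter(cfg));
        }
    }
}
```

The first sample is the case the thread calls out: a mistyped dns_lookup_realm used to disable DNS realm lookup and, after the change, leaves it enabled unless dns_fallback turns it off.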



