[9] RFR: 8075301: Tests for sun.security.krb5.principal system property

Sibabrata Sahoo sibabrata.sahoo at oracle.com
Tue Jun 30 10:20:40 UTC 2015 

Hi Max,

Here is the updated webrev link.
http://cr.openjdk.java.net/~asmotrak/siba/8075301/webrev.02/

Changes: 
-	More test cases added and due to that there are changes in policy file. [createLoginContext.].
-	Combined the jaas configuration to a single file name "jaas.conf".
- 	Created a sub-directory inside the auto folder and moved the new Test into it. 
-	Removed KrbOption.java. 
-	startKDC() is made public.
-	Removed @Module annotation for now. This will be addressed as part of this bug [https://bugs.openjdk.java.net/browse/JDK-8130112] 

Thanks,
Siba



-----Original Message-----
From: Weijun Wang 
Sent: Tuesday, June 30, 2015 7:45 AM
To: Sibabrata Sahoo; Security Libs OpenJDK
Subject: Re: [9] RFR: 8075301: Tests for sun.security.krb5.principal system property

Hi Siba

There is one case not covered:

1. sun.security.krb5.principal not set
2. an existing principal set in jaas.conf

In your jaas.conf.principal, a non-existing 1USER principal is used. In fact, why not add both accounts into the KDC and then check if the login user is what you expected?

Historically, all krb5 tests that uses KDC.java is inside the auto sub-directory. Now that there are so many tests inside, I would still like creating sub-directories inside it instead of outside auto.

Also, do you intent to add more tests using KrbOption? The current usage of it looks unnecessary. I mean, why not simply

     public static void main(String[] args) throws Exception {
         runTest(true, "jaas.conf.principal",
                 "krb5.conf", "USER at TEST.REALM");
         runTest(false, "jaas.conf.principal",
                 "krb5.conf", null);
         runTest(true, "jaas.conf.noPrincipal",
                 "krb5.conf", "USER at TEST.REALM");
         runTest(false, "jaas.conf.noPrincipal",
                 "krb5.conf", null);
     }

KDC.java: Please make startKDC() public as it's designed to call from outside.

Thanks
Max

On 06/30/2015 02:14 AM, Sibabrata Sahoo wrote:
> Hello,
>
> Please review this fix for 9.
>
> The test uses JAAS authentication over Kerberos. The kerberos5 
> principal name can be specified in the configuration entry by using 
> the option principal. The principal can also be set using the system 
> property sun.security.krb5.principal. This property is checked during 
> login verification by Krb5LoginModule. If this property is not set, 
> then the principal name from the configuration is used. In the case 
> where the principal property is not set and the principal entry also 
> does not exist in the configuration file, then user is prompted for 
> the name depending on the underlying kerberos5 configuration, else the 
> login failure occurs.
>
> Changes:
>
> -Added a new test.
>
> -Moved the startKDC() method from UnboundSSLUtils.java to KDC.java.
>
> -Updated the method reference accordingly in depending tests.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8075301
>
> Webrev:
>
> http://cr.openjdk.java.net/~asmotrak/siba/8075301/webrev.00/
> <http://cr.openjdk.java.net/%7Easmotrak/siba/8075301/webrev.00/>
>
> Thanks,
>
> Siba
>

More information about the security-dev mailing list