[9] RFR: 8075301: Tests for sun.security.krb5.principal system property

Weijun Wang weijun.wang at oracle.com
Tue Jun 30 10:28:44 UTC 2015


Hi Siba

The code change looks fine.

If you need someone to sponsor the bug and push the changeset, just tell 
me your openjdk user name (or email if you haven't one yet) and I'll do 
that for you. Please make sure the changeset passes jcheck first.

Thanks
Max

On 06/30/2015 06:20 PM, Sibabrata Sahoo wrote:
> Hi Max,
>
> Here is the updated webrev link.
> http://cr.openjdk.java.net/~asmotrak/siba/8075301/webrev.02/
>
> Changes:
> -	More test cases added and due to that there are changes in policy file. [createLoginContext.].
> -	Combined the jaas configuration to a single file name "jaas.conf".
> - 	Created a sub-directory inside the auto folder and moved the new Test into it.
> -	Removed KrbOption.java.
> -	startKDC() is made public.
> -	Removed @Module annotation for now. This will be addressed as part of this bug [https://bugs.openjdk.java.net/browse/JDK-8130112]
>
> Thanks,
> Siba
>
>
>
> -----Original Message-----
> From: Weijun Wang
> Sent: Tuesday, June 30, 2015 7:45 AM
> To: Sibabrata Sahoo; Security Libs OpenJDK
> Subject: Re: [9] RFR: 8075301: Tests for sun.security.krb5.principal system property
>
> Hi Siba
>
> There is one case not covered:
>
> 1. sun.security.krb5.principal not set
> 2. an existing principal set in jaas.conf
>
> In your jaas.conf.principal, a non-existing 1USER principal is used. In fact, why not add both accounts into the KDC and then check if the login user is what you expected?
>
> Historically, all krb5 tests that uses KDC.java is inside the auto sub-directory. Now that there are so many tests inside, I would still like creating sub-directories inside it instead of outside auto.
>
> Also, do you intent to add more tests using KrbOption? The current usage of it looks unnecessary. I mean, why not simply
>
>       public static void main(String[] args) throws Exception {
>           runTest(true, "jaas.conf.principal",
>                   "krb5.conf", "USER at TEST.REALM");
>           runTest(false, "jaas.conf.principal",
>                   "krb5.conf", null);
>           runTest(true, "jaas.conf.noPrincipal",
>                   "krb5.conf", "USER at TEST.REALM");
>           runTest(false, "jaas.conf.noPrincipal",
>                   "krb5.conf", null);
>       }
>
> KDC.java: Please make startKDC() public as it's designed to call from outside.
>
> Thanks
> Max
>
> On 06/30/2015 02:14 AM, Sibabrata Sahoo wrote:
>> Hello,
>>
>> Please review this fix for 9.
>>
>> The test uses JAAS authentication over Kerberos. The kerberos5
>> principal name can be specified in the configuration entry by using
>> the option principal. The principal can also be set using the system
>> property sun.security.krb5.principal. This property is checked during
>> login verification by Krb5LoginModule. If this property is not set,
>> then the principal name from the configuration is used. In the case
>> where the principal property is not set and the principal entry also
>> does not exist in the configuration file, then user is prompted for
>> the name depending on the underlying kerberos5 configuration, else the
>> login failure occurs.
>>
>> Changes:
>>
>> -Added a new test.
>>
>> -Moved the startKDC() method from UnboundSSLUtils.java to KDC.java.
>>
>> -Updated the method reference accordingly in depending tests.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8075301
>>
>> Webrev:
>>
>> http://cr.openjdk.java.net/~asmotrak/siba/8075301/webrev.00/
>> <http://cr.openjdk.java.net/%7Easmotrak/siba/8075301/webrev.00/>
>>
>> Thanks,
>>
>> Siba
>>



More information about the security-dev mailing list