RFR 8149521: automatic discovery of LDAP servers with Kerberos authentication

Wang Weijun weijun.wang at oracle.com
Tue May 10 13:34:35 UTC 2016


Hi All

Please take a review at 

   http://cr.openjdk.java.net/~weijun/8149521/webrev.00/

While the bug report [1] suggests we can fix com.sun.jndi.ldap.ServiceLocator to emit a trail-dot-less hostname, I am not sure if it's safe to do so. Anyway, the failure is on the Kerberos side and I believe this is a regression since we stop canonicalizing the hostname. Therefore I prefer to do a small "normalization" inside PrincipalName.

Thanks
Max

[1] https://bugs.openjdk.java.net/browse/JDK-8149521


More information about the security-dev mailing list