RFR 8149521: automatic discovery of LDAP servers with Kerberos authentication
Wang Weijun
weijun.wang at oracle.com
Tue May 10 13:34:35 UTC 2016
Hi All
Please take a review at
http://cr.openjdk.java.net/~weijun/8149521/webrev.00/
While the bug report [1] suggests we can fix com.sun.jndi.ldap.ServiceLocator to emit a trail-dot-less hostname, I am not sure if it's safe to do so. Anyway, the failure is on the Kerberos side and I believe this is a regression since we stop canonicalizing the hostname. Therefore I prefer to do a small "normalization" inside PrincipalName.
Thanks
Max
[1] https://bugs.openjdk.java.net/browse/JDK-8149521
More information about the security-dev
mailing list