RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test

Weijun Wang weijun.wang at oracle.com
Thu Sep 7 00:07:07 UTC 2017

Please take a review at


BasicProc.java is enhanced to use a native JGSS provider, and KDC.java is enhanced to start (not use) a native KDC. For example, you would be able to test interop among Java JGSS, native JGSS (with MIT krb5) and Heimdal KDC with

    jtreg -Dnative.krb5.lib=/usr/local/krb5/lib/libgssapi_krb5.so \
          -Dnative.kdc.path=/usr/local/heimdal \

Without those 2 new system properties, it behaves like before, i.e. Java GSS on the embedded KDC.

Another change in Context.java. Instead of using shared states to provide username and password when doing a krb5 login, a callback handler is used. This is considered more common. An extra permission is needed to read the default username (though I think this can coded as optional).


More information about the security-dev mailing list