RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test

Artem Smotrakov artem.smotrakov at oracle.com
Thu Sep 7 07:29:12 UTC 2017

Hi Max,

In general, looks fine to me. Below are a couple of comments you might 
want to address.

1. BasicProc.java, it might be better to use named constants for 
parameters for once() method. That would make it easier to understand 
what each particular onse() call does

+                    once(true, true, true); // pure java
+                    if (LIBNAME != null) {
+                        // save a cache for client
+                        Context.fromUserPass(USER, PASS, false)
+                                .ccache("ccache.base");
+                        once(false, false, false); // fail fast for all 
+                        once(false, true, true);
+                        once(false, true, false);
+                        once(false, false, true);
+                        once(true, true, false);
+                        once(true, false, true);
+                        once(true, false, false);

Enums may help, and might make it simper as well:

+        // Just a marker for which test case is finished
+        String label = (jc?"j":"n") + (js?"j":"n") + (jb?"j":"n");

2. BasicProc.java, could you please add an exception message?

+                if (!Arrays.equals(msg, msg2)) {
+                    throw new Exception();
+                }
+                break;

3. BasicProc.java, should the test do some cleanup then?

+            Files.copy(Paths.get("ccache.base"), Paths.get("ccache." + 


On 09/07/2017 03:07 AM, Weijun Wang wrote:
> Please take a review at
>     http://cr.openjdk.java.net/~weijun/8186884/webrev.00/
> BasicProc.java is enhanced to use a native JGSS provider, and KDC.java is enhanced to start (not use) a native KDC. For example, you would be able to test interop among Java JGSS, native JGSS (with MIT krb5) and Heimdal KDC with
>      jtreg -Dnative.krb5.lib=/usr/local/krb5/lib/libgssapi_krb5.so \
>            -Dnative.kdc.path=/usr/local/heimdal \
>            test/sun/security/krb5/auto/BasicProc.java
> Without those 2 new system properties, it behaves like before, i.e. Java GSS on the embedded KDC.
> Another change in Context.java. Instead of using shared states to provide username and password when doing a krb5 login, a callback handler is used. This is considered more common. An extra permission is needed to read the default username (though I think this can coded as optional).
> Thanks
> Max

More information about the security-dev mailing list