RFR 8210821: Support dns_canonicalize_hostname in krb5.conf

Sean Mullan sean.mullan at oracle.com
Mon Oct 8 19:01:54 UTC 2018 

The first sentence is a bit terse. Suggest changing it to:

"The `dns_canonicalize_hostname` flag in the krb5.conf configuration 
file is now supported by the JDK Kerberos implementation."

Also, you should probably spell out "FQDN".

--Sean

On 10/8/18 2:19 PM, Roger Riggs wrote:
> Hi Max,
> 
> The release note is fine though it would more complete if it contained a 
> link
> to the krb5_conf.html where the behavior is described.
> 
> The original issue https://bugs.openjdk.java.net/browse/JDK-8210821
> describes the behavior if set to 'false', while the release note is 
> written describing if it
> is set to 'true'.  Updating the original issue description to be from 
> the same point (true)
> of view might reduce any possible confusion about the behavior.
> 
> Thanks, Roger
> 
> 
> On 10/08/2018 04:11 AM, Weijun Wang wrote:
>> And please also review the release note at
>>
>>     https://bugs.openjdk.java.net/browse/JDK-8211380
>>
>> The text is copied below:
>>
>> Supports the `dns_canonicalize_hostname` setting in krb5.conf. When 
>> set to true, a short hostname in a service principal name will be 
>> canonicalized to a FQDN if available. Otherwise, no canonicalization 
>> is performed. The default value is true. This is also the behvaior 
>> before JDK 12.
>>
>> Thanks
>> Max
>>
>>
>>> On Sep 29, 2018, at 8:15 AM, Valerie Peng <valerie.peng at oracle.com> 
>>> wrote:
>>>
>>>
>>> Sure, I like the new simplified result.
>>>
>>> Changes look fine,
>>>
>>> Valerie
>>>
>>>
>>> On 9/26/2018 7:09 PM, Weijun Wang wrote:
>>>> Webrev updated at 
>>>> https://cr.openjdk.java.net/~weijun/8210821/webrev.01.
>>>>
>>>>> On Sep 26, 2018, at 11:57 PM, Weijun Wang <weijun.wang at oracle.com> 
>>>>> wrote:
>>>>>
>>>>> Hi Valerie
>>>>>
>>>>> I've updated the CSR to remove the "always canonicalize" choice and 
>>>>> now the default is "true", i.e. the current 
>>>>> "smart-canonicalization" behavior. It's 12am here and I'll update 
>>>>> the webrev tomorrow.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>>> On Sep 18, 2018, at 8:52 AM, Valerie Peng 
>>>>>> <valerie.peng at oracle.com> wrote:
>>>>>>
>>>>>> Look fine to me. Added myself to CSR as reviewer.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Valerie
>>>>>>
>>>>>>
>>>>>> On 9/17/2018 1:17 AM, Weijun Wang wrote:
>>>>>>> Please review the code change and CSR at
>>>>>>>
>>>>>>>    http://cr.openjdk.java.net/~weijun/8210821/webrev.00/
>>>>>>>    https://bugs.openjdk.java.net/browse/JDK-8210822
>>>>>>>
>>>>>>> Thanks
>>>>>>> Max
>>>>>>>
>

More information about the security-dev mailing list