RFR 8210821: Support dns_canonicalize_hostname in krb5.conf
Weijun Wang
weijun.wang at oracle.com
Tue Oct 9 01:25:44 UTC 2018
> On Oct 9, 2018, at 3:01 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> The first sentence is a bit terse. Suggest changing it to:
>
> "The `dns_canonicalize_hostname` flag in the krb5.conf configuration file is now supported by the JDK Kerberos implementation."
>
> Also, you should probably spell out "FQDN".
>
> --Sean
>
> On 10/8/18 2:19 PM, Roger Riggs wrote:
>> Hi Max,
>> The release note is fine though it would more complete if it contained a link
>> to the krb5_conf.html where the behavior is described.
All suggestions above accepted. See http://java.us.oracle.com/cgi-bin/jdk/release/note?key=JDK-8211380.
>> The original issue https://bugs.openjdk.java.net/browse/JDK-8210821
>> describes the behavior if set to 'false', while the release note is written describing if it
>> is set to 'true'. Updating the original issue description to be from the same point (true)
>> of view might reduce any possible confusion about the behavior.
I've updated the bug description a little. It was written that way because the bug report is requesting for a chance to set it to false, but the release note should sound neutral. :-)
Thanks
Max
>> Thanks, Roger
>> On 10/08/2018 04:11 AM, Weijun Wang wrote:
>>> And please also review the release note at
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8211380
>>>
>>> The text is copied below:
>>>
>>> Supports the `dns_canonicalize_hostname` setting in krb5.conf. When set to true, a short hostname in a service principal name will be canonicalized to a FQDN if available. Otherwise, no canonicalization is performed. The default value is true. This is also the behvaior before JDK 12.
>>>
>>> Thanks
>>> Max
>>>
>>>
>>>> On Sep 29, 2018, at 8:15 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>>>>
>>>>
>>>> Sure, I like the new simplified result.
>>>>
>>>> Changes look fine,
>>>>
>>>> Valerie
>>>>
>>>>
>>>> On 9/26/2018 7:09 PM, Weijun Wang wrote:
>>>>> Webrev updated at https://cr.openjdk.java.net/~weijun/8210821/webrev.01.
>>>>>
>>>>>> On Sep 26, 2018, at 11:57 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>>>
>>>>>> Hi Valerie
>>>>>>
>>>>>> I've updated the CSR to remove the "always canonicalize" choice and now the default is "true", i.e. the current "smart-canonicalization" behavior. It's 12am here and I'll update the webrev tomorrow.
>>>>>>
>>>>>> Thanks
>>>>>> Max
>>>>>>
>>>>>>> On Sep 18, 2018, at 8:52 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>>>>>>>
>>>>>>> Look fine to me. Added myself to CSR as reviewer.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Valerie
>>>>>>>
>>>>>>>
>>>>>>> On 9/17/2018 1:17 AM, Weijun Wang wrote:
>>>>>>>> Please review the code change and CSR at
>>>>>>>>
>>>>>>>> http://cr.openjdk.java.net/~weijun/8210821/webrev.00/
>>>>>>>> https://bugs.openjdk.java.net/browse/JDK-8210822
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Max
>>>>>>>>
More information about the security-dev
mailing list