RFR 8210821: Support dns_canonicalize_hostname in krb5.conf

Weijun Wang weijun.wang at oracle.com
Tue Oct 9 01:25:44 UTC 2018



> On Oct 9, 2018, at 3:01 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> The first sentence is a bit terse. Suggest changing it to:
> 
> "The `dns_canonicalize_hostname` flag in the krb5.conf configuration file is now supported by the JDK Kerberos implementation."
> 
> Also, you should probably spell out "FQDN".
> 
> --Sean
> 
> On 10/8/18 2:19 PM, Roger Riggs wrote:
>> Hi Max,
>> The release note is fine though it would more complete if it contained a link
>> to the krb5_conf.html where the behavior is described.

All suggestions above accepted. See http://java.us.oracle.com/cgi-bin/jdk/release/note?key=JDK-8211380.

>> The original issue https://bugs.openjdk.java.net/browse/JDK-8210821
>> describes the behavior if set to 'false', while the release note is written describing if it
>> is set to 'true'.  Updating the original issue description to be from the same point (true)
>> of view might reduce any possible confusion about the behavior.

I've updated the bug description a little. It was written that way because the bug report is requesting for a chance to set it to false, but the release note should sound neutral. :-)

Thanks
Max

>> Thanks, Roger
>> On 10/08/2018 04:11 AM, Weijun Wang wrote:
>>> And please also review the release note at
>>> 
>>>     https://bugs.openjdk.java.net/browse/JDK-8211380
>>> 
>>> The text is copied below:
>>> 
>>> Supports the `dns_canonicalize_hostname` setting in krb5.conf. When set to true, a short hostname in a service principal name will be canonicalized to a FQDN if available. Otherwise, no canonicalization is performed. The default value is true. This is also the behvaior before JDK 12.
>>> 
>>> Thanks
>>> Max
>>> 
>>> 
>>>> On Sep 29, 2018, at 8:15 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>>>> 
>>>> 
>>>> Sure, I like the new simplified result.
>>>> 
>>>> Changes look fine,
>>>> 
>>>> Valerie
>>>> 
>>>> 
>>>> On 9/26/2018 7:09 PM, Weijun Wang wrote:
>>>>> Webrev updated at https://cr.openjdk.java.net/~weijun/8210821/webrev.01.
>>>>> 
>>>>>> On Sep 26, 2018, at 11:57 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>>> 
>>>>>> Hi Valerie
>>>>>> 
>>>>>> I've updated the CSR to remove the "always canonicalize" choice and now the default is "true", i.e. the current "smart-canonicalization" behavior. It's 12am here and I'll update the webrev tomorrow.
>>>>>> 
>>>>>> Thanks
>>>>>> Max
>>>>>> 
>>>>>>> On Sep 18, 2018, at 8:52 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>>>>>>> 
>>>>>>> Look fine to me. Added myself to CSR as reviewer.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> Valerie
>>>>>>> 
>>>>>>> 
>>>>>>> On 9/17/2018 1:17 AM, Weijun Wang wrote:
>>>>>>>> Please review the code change and CSR at
>>>>>>>> 
>>>>>>>>    http://cr.openjdk.java.net/~weijun/8210821/webrev.00/
>>>>>>>>    https://bugs.openjdk.java.net/browse/JDK-8210822
>>>>>>>> 
>>>>>>>> Thanks
>>>>>>>> Max
>>>>>>>> 




More information about the security-dev mailing list