RFR: 8279064: New options for ktab to provide non-default salt [v2]
Weijun Wang
weijun at openjdk.java.net
Thu Jan 13 21:40:16 UTC 2022
> Please review this enhancement and its [CSR](https://bugs.openjdk.java.net/browse/JDK-8279632). Two new options `-s salt` and `-f` can be specified on the `ktab` command when adding entries.
>
> I'm a little concerned about the compatibility risk described in the CSR, i.e. the `-f` option is already used in `ktab -d` to force removing entries. Hopefully not many people are writing their own wrappers on ktab that always include the `-f` option. I do want to be consistent with the naming in the MIT krb5 ktutil command.
>
> Another thing worth mentioning is the [KerberosKey:<new>(KerberosPrincipal principal, char[] password, String algorithm)](https://github.com/openjdk/jdk/blob/3790e58090be25421e3e323eb29deea100b7608c/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java#L149) constructor which always uses the default salt. For consistency, it looks like a new constructor should be added that takes the salt string as a parameter as well. However, I don't intend to add it as I cannot see a proper usage for it. In fact, I now regret adding the constructor linked above.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
duplicate words, and another year
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/6991/files
- new: https://git.openjdk.java.net/jdk/pull/6991/files/e85a20a3..59e2002a
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=6991&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=6991&range=00-01
Stats: 7 lines in 5 files changed: 0 ins; 0 del; 7 mod
Patch: https://git.openjdk.java.net/jdk/pull/6991.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/6991/head:pull/6991
PR: https://git.openjdk.java.net/jdk/pull/6991
More information about the security-dev
mailing list