Hi Siba
The code change looks fine.
If you need someone to sponsor the bug and push the changeset, just tell
me your openjdk user name (or email if you haven't one yet) and I'll do
that for you. Please make sure the changeset passes jcheck first.
Thanks
Max
On 06/30/2015 06:20 PM, Sibabrata Sahoo wrote:
Hi Max,
Here is the updated webrev link.
http://cr.openjdk.java.net/~asmotrak/siba/8075301/webrev.02/
Changes:
- More test cases added and due to that there are changes in policy file.
[createLoginContext.].
- Combined the jaas configuration to a single file name "jaas.conf".
- Created a sub-directory inside the auto folder and moved the new Test
into it.
- Removed KrbOption.java.
- startKDC() is made public.
- Removed @Module annotation for now. This will be addressed as part of
this bug [https://bugs.openjdk.java.net/browse/JDK-8130112]
Thanks,
Siba
-----Original Message-----
From: Weijun Wang
Sent: Tuesday, June 30, 2015 7:45 AM
To: Sibabrata Sahoo; Security Libs OpenJDK
Subject: Re: [9] RFR: 8075301: Tests for sun.security.krb5.principal system
property
Hi Siba
There is one case not covered:
1. sun.security.krb5.principal not set
2. an existing principal set in jaas.conf
In your jaas.conf.principal, a non-existing 1USER principal is used. In fact,
why not add both accounts into the KDC and then check if the login user is what
you expected?
Historically, all krb5 tests that uses KDC.java is inside the auto
sub-directory. Now that there are so many tests inside, I would still like
creating sub-directories inside it instead of outside auto.
Also, do you intent to add more tests using KrbOption? The current usage of it
looks unnecessary. I mean, why not simply
public static void main(String[] args) throws Exception {
runTest(true, "jaas.conf.principal",
"krb5.conf", "[email protected]");
runTest(false, "jaas.conf.principal",
"krb5.conf", null);
runTest(true, "jaas.conf.noPrincipal",
"krb5.conf", "[email protected]");
runTest(false, "jaas.conf.noPrincipal",
"krb5.conf", null);
}
KDC.java: Please make startKDC() public as it's designed to call from outside.
Thanks
Max
On 06/30/2015 02:14 AM, Sibabrata Sahoo wrote:
Hello,
Please review this fix for 9.
The test uses JAAS authentication over Kerberos. The kerberos5
principal name can be specified in the configuration entry by using
the option principal. The principal can also be set using the system
property sun.security.krb5.principal. This property is checked during
login verification by Krb5LoginModule. If this property is not set,
then the principal name from the configuration is used. In the case
where the principal property is not set and the principal entry also
does not exist in the configuration file, then user is prompted for
the name depending on the underlying kerberos5 configuration, else the
login failure occurs.
Changes:
-Added a new test.
-Moved the startKDC() method from UnboundSSLUtils.java to KDC.java.
-Updated the method reference accordingly in depending tests.
Bug: https://bugs.openjdk.java.net/browse/JDK-8075301
Webrev:
http://cr.openjdk.java.net/~asmotrak/siba/8075301/webrev.00/
<http://cr.openjdk.java.net/%7Easmotrak/siba/8075301/webrev.00/>
Thanks,
Siba
