> In DNS-based KDC discovery failures are exposed as generic 'KrbException: > Cannot locate KDC / Unable to locate KDC for realm <REALM>' with no > indication whether the underlying DNS SRV lookup failed due to NXDOMAIN, > SERVFAIL, or a communication timeout. > > To improve supportability, this patch updates > `KrbServiceLocator.getKerberosService(realm, protocol)` to rethrow the > original JNDI NamingException from the SRV lookup and attach a sanitized > failure category to the existing KrbException when both udp and tcp discovery > attempts fail, while preserving the original top level exception message. > `Config.getKDCFromDNS()` is updated to catch exception, sanitize it into the > relevant category to prevent leaking any senistive information and attach it > to the existing KrbException. > > > --------- > - [x] I confirm that I make this contribution in accordance with the [OpenJDK > Interim AI Policy](https://openjdk.org/legal/ai).
Kieran Farrell has updated the pull request incrementally with one additional commit since the last revision: restore krb exception comment ------------- Changes: - all: https://git.openjdk.org/jdk/pull/30824/files - new: https://git.openjdk.org/jdk/pull/30824/files/95f1c822..a14d962e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=30824&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=30824&range=01-02 Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/30824.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/30824/head:pull/30824 PR: https://git.openjdk.org/jdk/pull/30824
