Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8077102

dns_lookup_realm should be false by default

    Details

      Backports

        Description

        JDK-6552334 called for enabling DNS in Kerberos by default, but it was only meant for the dns_lookup_kdc option. The code change mistakenly changed default values for both dns_lookup_kdc and dns_lookup_realm. This should be fixed.

        MIT krb5 has dns_lookup_kdc being true and dns_lookup_realm false by default [1]. In more recent versions they no longer document this option at all but the default value is still false.

        [1] http://web.mit.edu/kerberos/krb5-1.10/krb5-1.10/doc/krb5-admin.html#libdefaults

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  weijun Weijun Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: