Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8077102

dns_lookup_realm should be false by default

    XMLWordPrintable

    Details

      Backports

        Description

        JDK-6552334 called for enabling DNS in Kerberos by default, but it was only meant for the dns_lookup_kdc option. The code change mistakenly changed default values for both dns_lookup_kdc and dns_lookup_realm. This should be fixed.

        MIT krb5 has dns_lookup_kdc being true and dns_lookup_realm false by default [1]. In more recent versions they no longer document this option at all but the default value is still false.

        [1] http://web.mit.edu/kerberos/krb5-1.10/krb5-1.10/doc/krb5-admin.html#libdefaults

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                weijun Weijun Wang
                Reporter:
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: