JDK-8077102 : dns_lookup_realm should be false by default
- Type: Bug
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Priority: P4
- Status: Closed
- Resolution: Fixed
- Submitted: 2015-04-07
- Updated: 2017-05-17
- Resolved: 2015-05-19
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 | JDK 7 | JDK 8 | JDK 9 |
|---|---|---|---|
| 6-poolResolved | 7u91Fixed | 8u60Fixed  |
9 b66Fixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
Sub Tasks
|
JDK-8080639 :
|
Description
JDK-6552334 called for enabling DNS in Kerberos by default, but it was only meant for the dns_lookup_kdc option. The code change mistakenly changed default values for both dns_lookup_kdc and dns_lookup_realm. This should be fixed. MIT krb5 has dns_lookup_kdc being true and dns_lookup_realm false by default [1]. In more recent versions they no longer document this option at all but the default value is still false. [1] http://web.mit.edu/kerberos/krb5-1.10/krb5-1.10/doc/krb5-admin.html#libdefaults
Comments
|