Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8077102

dns_lookup_realm should be false by default

XMLWordPrintable

        JDK-6552334 called for enabling DNS in Kerberos by default, but it was only meant for the dns_lookup_kdc option. The code change mistakenly changed default values for both dns_lookup_kdc and dns_lookup_realm. This should be fixed.

        MIT krb5 has dns_lookup_kdc being true and dns_lookup_realm false by default [1]. In more recent versions they no longer document this option at all but the default value is still false.

        [1] http://web.mit.edu/kerberos/krb5-1.10/krb5-1.10/doc/krb5-admin.html#libdefaults

              weijun Weijun Wang
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: