Hi Valerie

Thanks! All suggestions accepted.

Webrev updated at

http://cr.openjdk.java.net/~weijun/6844909/webrev.01

Thanks again
Max

On Mar 2, 2010, at 8:44 AM, Valerie Peng wrote:

> Hi, Max,
>
> Changes look fine, here are some minor comments:
> 1) In EType.java, lines 60 and 64 should be indented w/ one extra space.
> 2) In EType.java, there should be comments added to "BUILTIN_ETYPES" and
> "BUILTIN_ETYPES_NOAES256" mentioning that the first two entries are removed
> when ALLOW_WEAK_CRYPTO is false.
> 3) In EType.java, lines 235 and 236 still mention these weak crypto etypes
> regardless. Shouldn't it be updated?
>
> Thanks,
> Valerie
>
> On 02/28/10 23:07, Max (Weijun) Wang wrote:
>> Hi Valerie
>>
>> Can you please review this fix?
>>
>> http://cr.openjdk.java.net/~weijun/6844909/webrev.00
>>
>> Basically, when "allow_weak_crypto = false" is set in krb5.conf's
>> [libdefaults], DES-related etypes will not be used. Note that this setting
>> also removes any weak etypes in the default_*_enctypes settings. This config
>> was added in MIT's krb5-1.7 and defaults to false in 1.8. However, for
>> compatibility (which we care a lot about in Java), its default value is still
>> true in Java.
>>
>> Thanks
>> Max
>>
>>> *Change Request ID*: 6844909
>>>
>>> *Synopsis*: support allow_weak_crypto in krb5.conf
>>>
>>> === *Description*
>>> ============================================================
>>> Latest MIT krb5 supports an allow_weak_crypto key in krb5.conf, when set to
>>> true, disallows DES being used in all kinds of etypes. We can support it also.
>>>
>>> Currently, MIT krb5's default value for this key is false, but it might
>>> become true one day.
>>>
>> It's true in 1.8 now.
>>
>>> *** (#1 of 1): 2009-05-26 03:50:36 GMT+00:00 [email protected]
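The krb5.conf behaviour described in this thread, as an added example that is not part of the original messages or of the JDK change: a small audit script that reads `[libdefaults]`, resolves `allow_weak_crypto`, and reports which entries of each configured enctype list survive. The function names, the set of single-DES names treated as weak, the accepted boolean spellings, and the sample configuration are assumptions of this example.

```python
import re

# Assumption: the single-DES names below stand in for the "DES-related etypes".
WEAK_ETYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}  # assumed boolean spellings

# Constructed sample input, not taken from the thread.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = false
    default_tkt_enctypes = aes128-cts-hmac-sha1-96 des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }
"""

def parse_libdefaults(text):
    """Return key -> value for the [libdefaults] section only."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values

def effective_etypes(text, default_allow_weak):
    """Return (allow_weak, {key: (kept, dropped)}) for each configured list.

    default_allow_weak is the implementation default used when the key is absent.
    """
    conf = parse_libdefaults(text)
    flag = conf.get("allow_weak_crypto")
    allow_weak = default_allow_weak if flag is None else flag.lower() in TRUE_WORDS
    report = {}
    for key in ENCTYPE_KEYS:
        if key in conf:
            names = [n for n in re.split(r"[,\s]+", conf[key]) if n]
            dropped = [] if allow_weak else [n for n in names if n.lower() in WEAK_ETYPES]
            report[key] = ([n for n in names if n not in dropped], dropped)
    return allow_weak, report

if __name__ == "__main__":
    print(effective_etypes(SAMPLE, default_allow_weak=True))
```

A list whose kept part comes back empty, as `default_tgs_enctypes` does in the sample, is the case to look for before setting the key to false on a deployed client.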
