On Thu, 13 Jan 2022 19:51:21 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Please review this enhancement and its >> [CSR](https://bugs.openjdk.java.net/browse/JDK-8279632). Two new options `-s >> salt` and `-f` can be specified on the `ktab` command when adding entries. >> >> I'm a little concerned about the compatibility risk described in the CSR, >> i.e. the `-f` option is already used in `ktab -d` to force removing entries. >> Hopefully not many people are writing their own wrappers on ktab that always >> include the `-f` option. I do want to be consistent with the naming in the >> MIT krb5 ktutil command. >> >> Another thing worth mentioning is the >> [KerberosKey:<new>(KerberosPrincipal principal, char[] password, >> String >> algorithm)](https://github.com/openjdk/jdk/blob/3790e58090be25421e3e323eb29deea100b7608c/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java#L149) >> constructor which always uses the default salt. For consistency, it looks >> like a new constructor should be added that takes the salt string as a >> parameter as well. However, I don't intend to add it as I cannot see a >> proper usage for it. In fact, I now regret adding the constructor linked >> above. > > src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java > line 2: > >> 1: /* >> 2: * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights >> reserved. > > 2022 Same goes for sun/security/krb5/internal/ktab/KeyTab.java. ------------- PR: https://git.openjdk.java.net/jdk/pull/6991