On Fri, 7 Jan 2022 19:35:56 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> Please review this enhancement and its 
> [CSR](https://bugs.openjdk.java.net/browse/JDK-8279632). Two new options `-s 
> salt` and `-f` can be specified on the `ktab` command when adding entries.
> 
> I'm a little concerned about the compatibility risk described in the CSR, 
> i.e. the `-f` option is already used in `ktab -d` to force removing entries. 
> Hopefully not many people are writing their own wrappers on ktab that always 
> include the `-f` option. I do want to be consistent with the naming in the 
> MIT krb5 ktutil command.
> 
> Another thing worth mentioning is the 
> [KerberosKey:<new>(KerberosPrincipal principal, char[] password, String 
> algorithm)](https://github.com/openjdk/jdk/blob/3790e58090be25421e3e323eb29deea100b7608c/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java#L149)
>  constructor which always uses the default salt. For consistency, it looks 
> like a new constructor should be added that takes the salt string as a 
> parameter as well. However, I don't intend to add it as I cannot see a proper 
> usage for it. In fact, I now regret adding the constructor linked above.

src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java
 line 2:

> 1: /*
> 2:  * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights 
> reserved.

2022

src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java
 line 457:

> 455:         System.out.println("-l [-e] [-t]\n"
> 456:                 + "    list the keytab name and entries. -e with etype, 
> -t with timestamp.");
> 457:         System.out.println("-a <principal name> [<password>] [-s <salt>] 
> [-n <kvno>] [-f | -s <salt>] [-append]\n"

The first `[-s <salt>]` looks redundant? Hmm, I edited your CSR from `[-s 
<salt>]` to `[-s <salt> | -f]`. Maybe you want to change that to be consistent 
with what you have here.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6991
