[Freeipa-users] Generation of /etc/krb5.conf file
Alexander Bokovoy
abokovoy at redhat.com
Mon Dec 7 15:30:03 UTC 2015
On Mon, 07 Dec 2015, Marc Boorshtein wrote:
>FreeIPA team,
>
>In doing some work with Java I came across an issue with = the
>krb5.conf file generated by the IPA client install process. Options
>in the krb5.conf file that are boolean are being set as yes/no instead
>of true/false. MIT Kerberos accepts it but per the docs it should be
>true/false. Here's a link to the issue in OpenJDK:
>
>https://bugs.openjdk.java.net/browse/JDK-8029995
>
>Easy enough fix on my end, just changed the options in the krb5.conf file.
Looking into krb5/src/util/profile/prof_get.c, the code that supports
'yes'/'no' (y,yes,1,true,t,on and n,no,nil,off,false) was added in 2000
with the commit 97971c69b9389be08b7e9ffb742ca35f3706b3af (it was CVS at
the time but the commit is traceable via git after import from SVN).
So I would say this is documentation issue on MIT krb5 side rather than
exception. Given that the code is supported for 15 years already,
perhaps making JDK aware of it is a better idea?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list