Comparing name-type in KerberosPrincipal

Weijun Wang at
Thu Jun 6 01:54:30 PDT 2013

Hi All

Recently we fixed a bug in OpenJDK:

Here name-type equality is not checked anymore in the 
PrincipalName::equals() method. Since RFC 4120 6.2 says

    ... The name-type SHOULD be
    treated only as a hint to interpreting the meaning of a name. It is
    not significant when checking for equivalence.

It turns out the same problem also exists in the method, where 
the spec has

    More formally two KerberosPrincipal instances are equal if the
    values returned by getName() are equal and the values returned by
    getNameType() are equal.

I'm thinking about fixing it also. However, the classes inside the package are mostly used internal by the 
JAAS Krb5LoginModule and I'm not sure how people are using it outside 
JDK. Do you create objects of these classes in your applications or 
libraries? Is there any compatibility issue if it also ignores the 
name-type check?


More information about the security-dev mailing list