--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Fri Mar 02 11:43:19 2018 +0100
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Fri Mar 09 11:36:12 2018 +0800
@@ -237,56 +237,56 @@
* {@code useFirstPass = true}, no user prompt is made.
* <p>Examples of some configuration values for Krb5LoginModule in
* JAAS config file and the results are:
- * <blockquote><dl>
- * <dd><pre>{@code
+ * <blockquote>
+ * <pre>{@code
* doNotPrompt = true}</pre>
* This is an illegal combination since none of {@code useTicketCache,
* useKeyTab, useFirstPass} and {@code tryFirstPass}
- * is set and the user can not be prompted for the password.</dd>
+ * is set and the user can not be prompted for the password.
*
- * <dd><pre>{@code
+ * <pre>{@code
* ticketCache = <filename>}</pre>
* This is an illegal combination since {@code useTicketCache}
* is not set to true and the ticketCache is set. A configuration error
- * will occur.</dd>
+ * will occur.
*
- * <dd><pre>{@code
+ * <pre>{@code
* renewTGT = true}</pre>
* This is an illegal combination since {@code useTicketCache} is
- * not set to true and renewTGT is set. A configuration error will occur.</dd>
+ * not set to true and renewTGT is set. A configuration error will occur.
*
- * <dd><pre>{@code
+ * <pre>{@code
* storeKey = true useTicketCache = true doNotPrompt = true}</pre>
* This is an illegal combination since {@code storeKey} is set to
* true but the key can not be obtained either by prompting the user or from
- * the keytab, or from the shared state. A configuration error will occur.</dd>
+ * the keytab, or from the shared state. A configuration error will occur.
*
- * <dd><pre>{@code
+ * <pre>{@code
* keyTab = <filename> doNotPrompt = true}</pre>
* This is an illegal combination since useKeyTab is not set to true and
- * the keyTab is set. A configuration error will occur.</dd>
+ * the keyTab is set. A configuration error will occur.
*
- * <dd><pre>{@code
+ * <pre>{@code
* debug = true}</pre>
* Prompt the user for the principal name and the password.
* Use the authentication exchange to get TGT from the KDC and
* populate the {@code Subject} with the principal and TGT.
- * Output debug messages.</dd>
+ * Output debug messages.
*
- * <dd><pre>{@code
+ * <pre>{@code
* useTicketCache = true doNotPrompt = true}</pre>
* Check the default cache for TGT and populate the {@code Subject}
* with the principal and TGT. If the TGT is not available,
- * do not prompt the user, instead fail the authentication.</dd>
+ * do not prompt the user, instead fail the authentication.
*
- * <dd><pre>{@code
+ * <pre>{@code
* principal = <name> useTicketCache = true doNotPrompt = true}</pre>
* Get the TGT from the default cache for the principal and populate the
* Subject's principal and private creds set. If ticket cache is
* not available or does not contain the principal's TGT
- * authentication will fail.</dd>
+ * authentication will fail.
*
- * <dd><pre>{@code
+ * <pre>{@code
* useTicketCache = true
* ticketCache = <file name>
* useKeyTab = true
@@ -297,9 +297,9 @@
* use the key in the keytab to perform authentication exchange with the
* KDC and acquire the TGT.
* The Subject will be populated with the principal and the TGT.
- * If the key is not available or valid then authentication will fail.</dd>
+ * If the key is not available or valid then authentication will fail.
*
- * <dd><pre>{@code
+ * <pre>{@code
* useTicketCache = true ticketCache = <filename>}</pre>
* The TGT will be obtained from the cache specified.
* The Kerberos principal name used will be the principal name in
@@ -307,17 +307,17 @@
* ticket cache the user will be prompted for the principal name
* and the password. The TGT will be obtained using the authentication
* exchange with the KDC.
- * The Subject will be populated with the TGT.</dd>
+ * The Subject will be populated with the TGT.
*
- * <dd><pre>{@code
+ * <pre>{@code
* useKeyTab = true keyTab=<keytab filename> principal = <principal name> storeKey = true}</pre>
* The key for the principal will be retrieved from the keytab.
* If the key is not available in the keytab the user will be prompted
* for the principal's password. The Subject will be populated
* with the principal's key either from the keytab or derived from the
- * password entered.</dd>
+ * password entered.
*
- * <dd><pre>{@code
+ * <pre>{@code
* useKeyTab = true keyTab = <keytabname> storeKey = true doNotPrompt = false}</pre>
* The user will be prompted for the service principal name.
* If the principal's
@@ -325,14 +325,14 @@
* Subject's private credentials. An authentication exchange will be
* attempted with the principal name and the key from the Keytab.
* If successful the TGT will be added to the
- * Subject's private credentials set. Otherwise the authentication will fail.</dd>
+ * Subject's private credentials set. Otherwise the authentication will fail.
*
- * <dd><pre>{@code
+ * <pre>{@code
* isInitiator = false useKeyTab = true keyTab = <keytabname> storeKey = true principal = *}</pre>
* The acceptor will be an unbound acceptor and it can act as any principal
- * as long that principal has keys in the keytab.</dd>
+ * as long that principal has keys in the keytab.
*
- * <dd><pre>{@code
+ * <pre>{@code
* useTicketCache = true
* ticketCache = <file name>
* useKeyTab = true
@@ -347,21 +347,21 @@
* This secret key will be first retrieved from the keytab. If the key
* is not available, the user will be prompted for the password. In either
* case, the key derived from the password will be added to the
- * Subject's private credentials set.</dd>
+ * Subject's private credentials set.
*
- * <dd><pre>{@code
+ * <pre>{@code
* isInitiator = false}</pre>
* Configured to act as acceptor only, credentials are not acquired
* via AS exchange. For acceptors only, set this value to false.
- * For initiators, do not set this value to false.</dd>
+ * For initiators, do not set this value to false.
*
- * <dd><pre>{@code
+ * <pre>{@code
* isInitiator = true}</pre>
* Configured to act as initiator, credentials are acquired
* via AS exchange. For initiators, set this value to true, or leave this
- * option unset, in which case default value (true) will be used.</dd>
+ * option unset, in which case default value (true) will be used.
*
- * </dl></blockquote>
+ * </blockquote>
*
* @author Ram Marti
*/
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java Fri Mar 02 11:43:19 2018 +0100
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java Fri Mar 09 11:36:12 2018 +0800
@@ -92,7 +92,6 @@
*
* <p> The following option is mandatory and must be specified in this
* module's login {@link Configuration}:
- * <dl><dd>
* <dl>
* <dt> <code>userProvider=<b>ldap_urls</b></code>
* </dt>
@@ -114,11 +113,10 @@
* is supported (once DNS has been configured to support such a service).
* It is enabled by omitting the hostname and port number components from
* the LDAP URL. </dd>
- * </dl></dl>
+ * </dl>
*
* <p> This module also recognizes the following optional {@link Configuration}
* options:
- * <dl><dd>
* <dl>
* <dt> <code>userFilter=<b>ldap_filter</b></code> </dt>
* <dd> This option specifies the search filter to use to locate a user's
@@ -195,8 +193,7 @@
*
* <dt> {@code debug} </dt>
* <dd> if {@code true}, debug messages are displayed on the standard
- * output stream.
- * </dl>
+ * output stream.</dd>
* </dl>
*
* <p>