8190690: Impact on krb5 test cases in the 8u-CPU nightly

Reviewed-by: coffeys

8190690: Impact on krb5 test cases in the 8u-CPU nightly
Reviewed-by: coffeys
ff2c8bce · weijun · d475e36e · ff2c8bce · ff2c8bce · ff2c8bce
75 changed file
--- a/test/sun/security/krb5/auto/AcceptPermissions.java
+++ b/test/sun/security/krb5/auto/AcceptPermissions.java
@@ -26,8 +26,8 @@
 * @bug 9999999
 * @summary default principal can act as anyone
 * @compile -XDignore.symbol.file AcceptPermissions.java
- * @run main/othervm AcceptPermissions two
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AcceptPermissions two
- * @run main/othervm AcceptPermissions unbound
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AcceptPermissions unbound
 */
 import java.nio.file.Files;

--- a/test/sun/security/krb5/auto/AcceptorSubKey.java
+++ b/test/sun/security/krb5/auto/AcceptorSubKey.java
@@ -26,8 +26,8 @@
 * @bug 7077646
 * @summary gssapi wrap for CFX per-message tokens always set FLAG_ACCEPTOR_SUBKEY
 * @compile -XDignore.symbol.file AcceptorSubKey.java
- * @run main/othervm AcceptorSubKey 0
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AcceptorSubKey 0
- * @run main/othervm AcceptorSubKey 4
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AcceptorSubKey 4
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/AddressesAndNameType.java
+++ b/test/sun/security/krb5/auto/AddressesAndNameType.java
@@ -24,9 +24,9 @@
 /*
 * @test
 * @bug 4501327 4868379 8039132
- * @run main/othervm AddressesAndNameType 1
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AddressesAndNameType 1
- * @run main/othervm AddressesAndNameType 2
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AddressesAndNameType 2
- * @run main/othervm AddressesAndNameType 3
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock AddressesAndNameType 3
 * @summary noaddresses settings and server name type
 */

--- a/test/sun/security/krb5/auto/BadKdc1.java
+++ b/test/sun/security/krb5/auto/BadKdc1.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6843127
- * @run main/othervm/timeout=300 BadKdc1
+ * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc1
 * @summary krb5 should not try to access unavailable kdc too often
 */

--- a/test/sun/security/krb5/auto/BadKdc2.java
+++ b/test/sun/security/krb5/auto/BadKdc2.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6843127
- * @run main/othervm/timeout=300 BadKdc2
+ * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc2
 * @summary krb5 should not try to access unavailable kdc too often
 */

--- a/test/sun/security/krb5/auto/BadKdc3.java
+++ b/test/sun/security/krb5/auto/BadKdc3.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6843127
- * @run main/othervm/timeout=300 BadKdc3
+ * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc3
 * @summary krb5 should not try to access unavailable kdc too often
 */

--- a/test/sun/security/krb5/auto/BadKdc4.java
+++ b/test/sun/security/krb5/auto/BadKdc4.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6843127
- * @run main/othervm/timeout=300 BadKdc4
+ * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc4
 * @summary krb5 should not try to access unavailable kdc too often
 */

--- a/test/sun/security/krb5/auto/Basic.java
+++ b/test/sun/security/krb5/auto/Basic.java
@@ -26,7 +26,7 @@
 * @bug 7152176
 * @summary More krb5 tests
 * @compile -XDignore.symbol.file Basic.java
- * @run main/othervm Basic
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock Basic
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/BasicKrb5Test.java
+++ b/test/sun/security/krb5/auto/BasicKrb5Test.java
@@ -26,34 +26,34 @@
 * @bug 6706974
 * @summary Add krb5 test infrastructure
 * @compile -XDignore.symbol.file BasicKrb5Test.java
- * @run main/othervm BasicKrb5Test
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test
- * @run main/othervm BasicKrb5Test des-cbc-crc
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-crc
- * @run main/othervm BasicKrb5Test des-cbc-md5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-md5
- * @run main/othervm BasicKrb5Test des3-cbc-sha1
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des3-cbc-sha1
- * @run main/othervm BasicKrb5Test aes128-cts
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes128-cts
- * @run main/othervm BasicKrb5Test aes256-cts
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes256-cts
- * @run main/othervm BasicKrb5Test rc4-hmac
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test rc4-hmac
- * @run main/othervm BasicKrb5Test -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test -s
- * @run main/othervm BasicKrb5Test des-cbc-crc -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-crc -s
- * @run main/othervm BasicKrb5Test des-cbc-md5 -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-md5 -s
- * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des3-cbc-sha1 -s
- * @run main/othervm BasicKrb5Test aes128-cts -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes128-cts -s
- * @run main/othervm BasicKrb5Test aes256-cts -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes256-cts -s
- * @run main/othervm BasicKrb5Test rc4-hmac -s
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test rc4-hmac -s
- * @run main/othervm BasicKrb5Test -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test -C
- * @run main/othervm BasicKrb5Test des-cbc-crc -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-crc -C
- * @run main/othervm BasicKrb5Test des-cbc-md5 -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-md5 -C
- * @run main/othervm BasicKrb5Test des3-cbc-sha1 -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des3-cbc-sha1 -C
- * @run main/othervm BasicKrb5Test aes128-cts -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes128-cts -C
- * @run main/othervm BasicKrb5Test aes256-cts -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes256-cts -C
- * @run main/othervm BasicKrb5Test rc4-hmac -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test rc4-hmac -C
- * @run main/othervm BasicKrb5Test -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test -s -C
- * @run main/othervm BasicKrb5Test des-cbc-crc -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-crc -s -C
- * @run main/othervm BasicKrb5Test des-cbc-md5 -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des-cbc-md5 -s -C
- * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test des3-cbc-sha1 -s -C
- * @run main/othervm BasicKrb5Test aes128-cts -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes128-cts -s -C
- * @run main/othervm BasicKrb5Test aes256-cts -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test aes256-cts -s -C
- * @run main/othervm BasicKrb5Test rc4-hmac -s -C
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicKrb5Test rc4-hmac -s -C
 */
 import org.ietf.jgss.GSSName;

--- a/test/sun/security/krb5/auto/BasicProc.java
+++ b/test/sun/security/krb5/auto/BasicProc.java
@@ -27,7 +27,7 @@
 * @summary A test library to launch multiple Java processes
 * @library ../../../../java/security/testlibrary/
 * @compile -XDignore.symbol.file BasicProc.java
- * @run main/othervm BasicProc
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BasicProc
 */
 import java.io.File;
@@ -65,6 +65,9 @@ public class BasicProc {
                    .args("client")
                    .prop("java.security.krb5.conf", CONF)
                    .prop("java.security.manager", "")
+                    .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
+                    .perm(new java.lang.RuntimePermission(
+                            "accessClassInPackage.sun.net.spi.nameservice"))
                    .perm(new java.util.PropertyPermission(
                            "sun.security.krb5.principal", "read"))
                    .perm(new javax.security.auth.AuthPermission(
@@ -85,6 +88,9 @@ public class BasicProc {
                    .args("server")
                    .prop("java.security.krb5.conf", CONF)
                    .prop("java.security.manager", "")
+                    .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
+                    .perm(new java.lang.RuntimePermission(
+                            "accessClassInPackage.sun.net.spi.nameservice"))
                    .perm(new java.util.PropertyPermission(
                            "sun.security.krb5.principal", "read"))
                    .perm(new javax.security.auth.AuthPermission(
@@ -107,6 +113,9 @@ public class BasicProc {
                    .args("backend")
                    .prop("java.security.krb5.conf", CONF)
                    .prop("java.security.manager", "")
+                    .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
+                    .perm(new java.lang.RuntimePermission(
+                            "accessClassInPackage.sun.net.spi.nameservice"))
                    .perm(new java.util.PropertyPermission(
                            "sun.security.krb5.principal", "read"))
                    .perm(new javax.security.auth.AuthPermission(
@@ -185,6 +194,7 @@ public class BasicProc {
        return p
            .env("KRB5_CONFIG", CONF)
            .env("KRB5_KTNAME", KTAB)
+            .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
            .prop("sun.security.jgss.native", "true")
            .prop("javax.security.auth.useSubjectCredsOnly", "false")
            .prop("sun.security.nativegss.debug", "true");

--- a/test/sun/security/krb5/auto/BogusKDC.java
+++ b/test/sun/security/krb5/auto/BogusKDC.java
@@ -36,7 +36,7 @@ import javax.security.auth.login.LoginException;
 * @bug 4515853 8075297
 * @summary Checks that Kerberos client tries slave KDC
 *          if master KDC is not responding
- * @run main/othervm BogusKDC
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock BogusKDC
 */
 public class BogusKDC {

--- a/test/sun/security/krb5/auto/CleanState.java
+++ b/test/sun/security/krb5/auto/CleanState.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 6716534
 * @compile -XDignore.symbol.file CleanState.java
- * @run main/othervm CleanState
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock CleanState
 * @summary Krb5LoginModule has not cleaned temp info between authentication attempts
 */
 import com.sun.security.auth.module.Krb5LoginModule;

--- a/test/sun/security/krb5/auto/CrossRealm.java
+++ b/test/sun/security/krb5/auto/CrossRealm.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 6706974
 * @compile -XDignore.symbol.file CrossRealm.java
- * @run main/othervm CrossRealm
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock CrossRealm
 * @summary Add krb5 test infrastructure
 */
 import java.io.File;

--- a/test/sun/security/krb5/auto/DiffNameSameKey.java
+++ b/test/sun/security/krb5/auto/DiffNameSameKey.java
@@ -26,8 +26,8 @@
 * @bug 8005447
 * @summary default principal can act as anyone
 * @compile -XDignore.symbol.file DiffNameSameKey.java
- * @run main/othervm/fail DiffNameSameKey a
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock DiffNameSameKey a
- * @run main/othervm DiffNameSameKey b
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock DiffNameSameKey b
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/DupEtypes.java
+++ b/test/sun/security/krb5/auto/DupEtypes.java
@@ -26,11 +26,11 @@
 * @bug 7067974
 * @summary multiple ETYPE-INFO-ENTRY with same etype and different salt
 * @compile -XDignore.symbol.file DupEtypes.java
- * @run main/othervm DupEtypes 1
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock DupEtypes 1
- * @run main/othervm DupEtypes 2
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock DupEtypes 2
- * @run main/othervm/fail DupEtypes 3
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock DupEtypes 3
- * @run main/othervm DupEtypes 4
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock DupEtypes 4
- * @run main/othervm DupEtypes 5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock DupEtypes 5
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/DynamicKeytab.java
+++ b/test/sun/security/krb5/auto/DynamicKeytab.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 6894072
 * @compile -XDignore.symbol.file DynamicKeytab.java
- * @run main/othervm DynamicKeytab
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock DynamicKeytab
 * @summary always refresh keytab
 */

--- a/test/sun/security/krb5/auto/EmptyPassword.java
+++ b/test/sun/security/krb5/auto/EmptyPassword.java
@@ -26,7 +26,7 @@
 * @bug 6879540
 * @summary enable empty password for kerberos 5
 * @compile -XDignore.symbol.file EmptyPassword.java
- * @run main/othervm EmptyPassword
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock EmptyPassword
 */
 public class EmptyPassword {

--- a/test/sun/security/krb5/auto/FileKeyTab.java
+++ b/test/sun/security/krb5/auto/FileKeyTab.java
@@ -26,7 +26,7 @@
 * @bug 7152121
 * @summary Krb5LoginModule no longer handles keyTabNames with "file:" prefix
 * @compile -XDignore.symbol.file FileKeyTab.java
- * @run main/othervm FileKeyTab
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock FileKeyTab
 */
 import java.io.File;

--- a/test/sun/security/krb5/auto/ForwardableCheck.java
+++ b/test/sun/security/krb5/auto/ForwardableCheck.java
@@ -26,7 +26,7 @@
 * @bug 8022582
 * @summary Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
 * @compile -XDignore.symbol.file ForwardableCheck.java
- * @run main/othervm ForwardableCheck
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock ForwardableCheck
 */
 import org.ietf.jgss.GSSException;

--- a/test/sun/security/krb5/auto/GSS.java
+++ b/test/sun/security/krb5/auto/GSS.java
@@ -26,7 +26,7 @@
 * @bug 7152176
 * @summary More krb5 tests
 * @compile -XDignore.symbol.file GSS.java
- * @run main/othervm GSS
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock GSS
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/GSSUnbound.java
+++ b/test/sun/security/krb5/auto/GSSUnbound.java
@@ -26,7 +26,7 @@
 * @bug 8001104
 * @summary Unbound SASL service: the GSSAPI/krb5 mech
 * @compile -XDignore.symbol.file GSSUnbound.java
- * @run main/othervm GSSUnbound
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock GSSUnbound
 */
 import java.security.Security;

--- a/test/sun/security/krb5/auto/HttpNegotiateServer.java
+++ b/test/sun/security/krb5/auto/HttpNegotiateServer.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6578647 6829283
- * @run main/othervm HttpNegotiateServer
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock HttpNegotiateServer
 * @summary Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()
 * @summary HTTP/Negotiate: Authenticator triggered again when user cancels the first one
 */

--- a/test/sun/security/krb5/auto/IgnoreChannelBinding.java
+++ b/test/sun/security/krb5/auto/IgnoreChannelBinding.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6851973
- * @run main/othervm IgnoreChannelBinding
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock IgnoreChannelBinding
 * @summary ignore incoming channel binding if acceptor does not set one
 */

--- a/test/sun/security/krb5/auto/KDC.java
+++ b/test/sun/security/krb5/auto/KDC.java
@@ -206,9 +206,9 @@ public class KDC {
        SENSITIVE_ACCOUNTS,
    };
-    static {
+    //static {
-        System.setProperty("sun.net.spi.nameservice.provider.1", "ns,mock");
+    //    System.setProperty("sun.net.spi.nameservice.provider.1", "ns,mock");
-    }
+    //}
    /**
     * A standalone KDC server.

--- a/test/sun/security/krb5/auto/KPEquals.java
+++ b/test/sun/security/krb5/auto/KPEquals.java
@@ -26,7 +26,7 @@
 * @bug 8015669
 * @summary KerberosPrincipal::equals should ignore name-type
 * @compile -XDignore.symbol.file KPEquals.java
- * @run main/othervm KPEquals
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock KPEquals
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/KerberosHashEqualsTest.java
+++ b/test/sun/security/krb5/auto/KerberosHashEqualsTest.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 4641821
- * @run main/othervm KerberosHashEqualsTest
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock KerberosHashEqualsTest
 * @summary hashCode() and equals() for KerberosKey and KerberosTicket
 */

--- a/test/sun/security/krb5/auto/KeyPermissions.java
+++ b/test/sun/security/krb5/auto/KeyPermissions.java
@@ -26,7 +26,7 @@
 * @bug 8004488
 * @summary wrong permissions checked in krb5
 * @compile -XDignore.symbol.file KeyPermissions.java
- * @run main/othervm KeyPermissions
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock KeyPermissions
 */
 import java.security.AccessControlException;

--- a/test/sun/security/krb5/auto/KeyTabCompat.java
+++ b/test/sun/security/krb5/auto/KeyTabCompat.java
@@ -26,7 +26,7 @@
 * @bug 6894072
 * @bug 8004488
 * @compile -XDignore.symbol.file KeyTabCompat.java
- * @run main/othervm KeyTabCompat
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock KeyTabCompat
 * @summary always refresh keytab
 */

--- a/test/sun/security/krb5/auto/KrbTicket.java
+++ b/test/sun/security/krb5/auto/KrbTicket.java
@@ -37,7 +37,7 @@ import javax.security.auth.login.LoginContext;
 * @test
 * @bug 6857795 8075299
 * @summary Checks Kerberos ticket properties
- * @run main/othervm KrbTicket
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock KrbTicket
 */
 public class KrbTicket {

--- a/test/sun/security/krb5/auto/KvnoNA.java
+++ b/test/sun/security/krb5/auto/KvnoNA.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 7197159
 * @compile -XDignore.symbol.file KvnoNA.java
- * @run main/othervm KvnoNA
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock KvnoNA
 * @summary accept different kvno if there no match
 */

--- a/test/sun/security/krb5/auto/LifeTimeInSeconds.java
+++ b/test/sun/security/krb5/auto/LifeTimeInSeconds.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6857802
- * @run main/othervm LifeTimeInSeconds
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock LifeTimeInSeconds
 * @summary GSS getRemainingInitLifetime method returns milliseconds not seconds
 */
 import org.ietf.jgss.GSSCredential;

--- a/test/sun/security/krb5/auto/LoginModuleOptions.java
+++ b/test/sun/security/krb5/auto/LoginModuleOptions.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6765491
- * @run main/othervm LoginModuleOptions
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock LoginModuleOptions
 * @summary Krb5LoginModule a little too restrictive, and the doc is not clear.
 */
 import com.sun.security.auth.module.Krb5LoginModule;

--- a/test/sun/security/krb5/auto/LoginNoPass.java
+++ b/test/sun/security/krb5/auto/LoginNoPass.java
@@ -26,7 +26,7 @@
 * @bug 8028351
 * @summary JWS doesn't get authenticated when using kerberos auth proxy
 * @compile -XDignore.symbol.file LoginNoPass.java
- * @run main/othervm LoginNoPass
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock LoginNoPass
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/MSOID2.java
+++ b/test/sun/security/krb5/auto/MSOID2.java
@@ -26,7 +26,7 @@
 * @bug 8078439
 * @summary SPNEGO auth fails if client proposes MS krb5 OID
 * @compile -XDignore.symbol.file MSOID2.java
- * @run main/othervm MSOID2
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock MSOID2
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/MaxRetries.java
+++ b/test/sun/security/krb5/auto/MaxRetries.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 6844193
 * @compile -XDignore.symbol.file MaxRetries.java
- * @run main/othervm/timeout=300 MaxRetries
+ * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock MaxRetries
 * @summary support max_retries in krb5.conf
 */

--- a/test/sun/security/krb5/auto/MoreKvno.java
+++ b/test/sun/security/krb5/auto/MoreKvno.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6893158 6907425 7197159
- * @run main/othervm MoreKvno
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock MoreKvno
 * @summary AP_REQ check should use key version number
 */

--- a/test/sun/security/krb5/auto/NewSalt.java
+++ b/test/sun/security/krb5/auto/NewSalt.java
@@ -25,9 +25,9 @@
 * @test
 * @bug 6960894
 * @summary Better AS-REQ creation and processing
- * @run main/othervm NewSalt
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock NewSalt
- * @run main/othervm -Dnopreauth NewSalt
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dnopreauth NewSalt
- * @run main/othervm -Donlyonepreauth NewSalt
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Donlyonepreauth NewSalt
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/NoAddresses.java
+++ b/test/sun/security/krb5/auto/NoAddresses.java
@@ -24,9 +24,9 @@
 /*
 * @test
 * @bug 7032354
- * @run main/othervm NoAddresses 1
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock NoAddresses 1
- * @run main/othervm NoAddresses 2
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock NoAddresses 2
- * @run main/othervm/fail NoAddresses 3
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock NoAddresses 3
 * @summary no-addresses should not be used on acceptor side
 */

--- a/test/sun/security/krb5/auto/NoInitNoKeytab.java
+++ b/test/sun/security/krb5/auto/NoInitNoKeytab.java
@@ -26,7 +26,7 @@
 * @bug 7089889
 * @summary Krb5LoginModule.login() throws an exception if used without a keytab
 * @compile -XDignore.symbol.file NoInitNoKeytab.java
- * @run main/othervm NoInitNoKeytab
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock NoInitNoKeytab
 */
 import java.io.FileOutputStream;

--- a/test/sun/security/krb5/auto/NonMutualSpnego.java
+++ b/test/sun/security/krb5/auto/NonMutualSpnego.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6733095
- * @run main/othervm NonMutualSpnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock NonMutualSpnego
 * @summary Failure when SPNEGO request non-Mutual
 */

--- a/test/sun/security/krb5/auto/NoneReplayCacheTest.java
+++ b/test/sun/security/krb5/auto/NoneReplayCacheTest.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 8001326
- * @run main/othervm NoneReplayCacheTest
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock NoneReplayCacheTest
 * @summary the replaycache type none cannot stop an authenticator replay,
 * but it can stop a message replay when s.s.k.acceptor.subkey is true.
 * You should not really use none in production environment. This test merely

--- a/test/sun/security/krb5/auto/OkAsDelegate.java
+++ b/test/sun/security/krb5/auto/OkAsDelegate.java
@@ -24,27 +24,27 @@
 /*
 * @test
 * @bug 6853328 7172701
- * @run main/othervm OkAsDelegate false true true false false false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OkAsDelegate false true true false false false
 *      FORWARDABLE ticket not allowed, always fail
- * @run main/othervm OkAsDelegate true false false false false false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OkAsDelegate true false false false false false
 *      Service ticket no OK-AS-DELEGATE. Request nothing, gain nothing
- * @run main/othervm OkAsDelegate true false true false false false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OkAsDelegate true false true false false false
 *      Service ticket no OK-AS-DELEGATE. Request deleg policy, gain nothing
- * @run main/othervm OkAsDelegate true true false true false true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OkAsDelegate true true false true false true
 *      Service ticket no OK-AS-DELEGATE. Request deleg, granted
- * @run main/othervm OkAsDelegate true true true true false true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OkAsDelegate true true true true false true
 *      Service ticket no OK-AS-DELEGATE. Request deleg and deleg policy, granted, with info not by policy
- * @run main/othervm -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true false true true true true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true false true true true true
 *      Service ticket has OK-AS-DELEGATE. Request deleg policy, granted
- * @run main/othervm -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true true true true true true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true true true true true true
 *      Service ticket has OK-AS-DELEGATE. granted, with info by policy
- * @run main/othervm -Dtest.spnego OkAsDelegate false true true false false false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego OkAsDelegate false true true false false false
- * @run main/othervm -Dtest.spnego OkAsDelegate true false false false false false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego OkAsDelegate true false false false false false
- * @run main/othervm -Dtest.spnego OkAsDelegate true false true false false false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego OkAsDelegate true false true false false false
- * @run main/othervm -Dtest.spnego OkAsDelegate true true false true false true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego OkAsDelegate true true false true false true
- * @run main/othervm -Dtest.spnego OkAsDelegate true true true true false true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego OkAsDelegate true true true true false true
- * @run main/othervm -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true false true true true true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true false true true true true
- * @run main/othervm -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true true true true true true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true true true true true true
 * @summary Support OK-AS-DELEGATE flag
 */
 import com.sun.security.jgss.ExtendedGSSContext;

--- a/test/sun/security/krb5/auto/OkAsDelegateXRealm.java
+++ b/test/sun/security/krb5/auto/OkAsDelegateXRealm.java
@@ -24,13 +24,13 @@
 /*
 * @test
 * @bug 6853328 7172701
- * @run main/othervm OkAsDelegateXRealm false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OkAsDelegateXRealm false
 *      KDC no OK-AS-DELEGATE, fail
- * @run main/othervm -Dtest.kdc.policy.ok-as-delegate OkAsDelegateXRealm true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.kdc.policy.ok-as-delegate OkAsDelegateXRealm true
 *      KDC set OK-AS-DELEGATE for all, succeed
- * @run main/othervm -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local OkAsDelegateXRealm false
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local OkAsDelegateXRealm false
 *      KDC set OK-AS-DELEGATE for host/host.r3.local only, fail
- * @run main/othervm -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local,krbtgt/R2,krbtgt/R3 OkAsDelegateXRealm true
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local,krbtgt/R2,krbtgt/R3 OkAsDelegateXRealm true
 *      KDC set OK-AS-DELEGATE for all three, succeed
 * @summary Support OK-AS-DELEGATE flag
 */

--- a/test/sun/security/krb5/auto/OnlyDesLogin.java
+++ b/test/sun/security/krb5/auto/OnlyDesLogin.java
@@ -26,7 +26,7 @@
 * @bug 8014310
 * @summary JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
 * @compile -XDignore.symbol.file OnlyDesLogin.java
- * @run main/othervm OnlyDesLogin
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock OnlyDesLogin
 */
 import sun.security.krb5.Config;

--- a/test/sun/security/krb5/auto/PrincipalNameEquals.java
+++ b/test/sun/security/krb5/auto/PrincipalNameEquals.java
@@ -26,7 +26,7 @@
 * @bug 7061379
 * @summary [Kerberos] Cross-realm authentication fails, due to nameType problem
 * @compile -XDignore.symbol.file PrincipalNameEquals.java
- * @run main/othervm PrincipalNameEquals
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock PrincipalNameEquals
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/RRC.java
+++ b/test/sun/security/krb5/auto/RRC.java
@@ -26,7 +26,7 @@
 * @bug 7077640
 * @summary gss wrap for cfx doesn't handle rrc != 0
 * @compile -XDignore.symbol.file RRC.java
- * @run main/othervm RRC
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock RRC
 */
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/RefreshKrb5Config.java
+++ b/test/sun/security/krb5/auto/RefreshKrb5Config.java
@@ -34,7 +34,7 @@ import javax.security.auth.login.LoginException;
 * @bug 4745056 8075297
 * @summary Checks if refreshKrb5Config is set to true for Krb5LoginModule,
 *          then configuration will be refreshed before login() method is called
- * @run main/othervm RefreshKrb5Config
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock RefreshKrb5Config
 */
 public class RefreshKrb5Config {

--- a/test/sun/security/krb5/auto/ReplayCacheTest.java
+++ b/test/sun/security/krb5/auto/ReplayCacheTest.java
@@ -24,8 +24,8 @@
 /*
 * @test
 * @bug 7118809 8001326
- * @run main/othervm ReplayCacheTest jvm
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock ReplayCacheTest jvm
- * @run main/othervm ReplayCacheTest dfl
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock ReplayCacheTest dfl
 * @summary rcache deadlock
 */

--- a/test/sun/security/krb5/auto/ReplayCacheTestProc.java
+++ b/test/sun/security/krb5/auto/ReplayCacheTestProc.java
@@ -27,7 +27,7 @@
 * @summary More krb5 tests
 * @library ../../../../java/security/testlibrary/
 * @compile -XDignore.symbol.file ReplayCacheTestProc.java
- * @run main/othervm/timeout=100 ReplayCacheTestProc
+ * @run main/othervm/timeout=100 -Dsun.net.spi.nameservice.provider.1=ns,mock ReplayCacheTestProc
 */
 import java.io.*;
@@ -277,6 +277,7 @@ public class ReplayCacheTestProc {
                .prop("sun.security.jgss.native", "true")
                .prop("javax.security.auth.useSubjectCredsOnly", "false")
                .prop("sun.security.nativegss.debug", "true")
+                .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
                .debug("N"+i)
                .start();
    }
@@ -287,6 +288,7 @@ public class ReplayCacheTestProc {
                .args("S"+i)
                .prop("sun.security.krb5.rcache", "dfl")
                .prop("java.io.tmpdir", cwd)
+                .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
                .start();
    }
    // generates hash of authenticator inside ap-req inside initsectoken

--- a/test/sun/security/krb5/auto/S4U2proxy.java
+++ b/test/sun/security/krb5/auto/S4U2proxy.java
@@ -26,8 +26,8 @@
 * @bug 6355584 8044215
 * @summary Introduce constrained Kerberos delegation
 * @compile -XDignore.symbol.file S4U2proxy.java
- * @run main/othervm S4U2proxy krb5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock S4U2proxy krb5
- * @run main/othervm S4U2proxy spnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock S4U2proxy spnego
 */
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/S4U2proxyGSS.java
+++ b/test/sun/security/krb5/auto/S4U2proxyGSS.java
@@ -26,8 +26,8 @@
 * @bug 6355584
 * @summary Introduce constrained Kerberos delegation
 * @compile -XDignore.symbol.file S4U2proxyGSS.java
- * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS krb5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS krb5
- * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS spnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS spnego
 */
 import java.io.File;

--- a/test/sun/security/krb5/auto/S4U2self.java
+++ b/test/sun/security/krb5/auto/S4U2self.java
@@ -26,13 +26,13 @@
 * @bug 6355584
 * @summary Introduce constrained Kerberos delegation
 * @compile -XDignore.symbol.file S4U2self.java
- * @run main/othervm -Dsun.security.krb5.debug=false S4U2self krb5 0
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self krb5 0
- * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 1
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self krb5 1
- * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 2
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self krb5 2
- * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 3
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self krb5 3
- * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 4
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self krb5 4
- * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 5
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self krb5 5
- * @run main/othervm -Dsun.security.krb5.debug=false S4U2self spnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2self spnego
 */
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/S4U2selfAsServer.java
+++ b/test/sun/security/krb5/auto/S4U2selfAsServer.java
@@ -26,8 +26,8 @@
 * @bug 6355584
 * @summary Introduce constrained Kerberos delegation
 * @compile -XDignore.symbol.file S4U2selfAsServer.java
- * @run main/othervm S4U2selfAsServer krb5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock S4U2selfAsServer krb5
- * @run main/othervm S4U2selfAsServer spnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock S4U2selfAsServer spnego
 */
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java
+++ b/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java
@@ -26,8 +26,8 @@
 * @bug 6355584
 * @summary Introduce constrained Kerberos delegation
 * @compile -XDignore.symbol.file S4U2selfAsServerGSS.java
- * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS krb5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS krb5
- * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS spnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS spnego
 */
 import java.io.File;

--- a/test/sun/security/krb5/auto/S4U2selfGSS.java
+++ b/test/sun/security/krb5/auto/S4U2selfGSS.java
@@ -26,8 +26,8 @@
 * @bug 6355584
 * @summary Introduce constrained Kerberos delegation
 * @compile -XDignore.symbol.file S4U2selfGSS.java
- * @run main/othervm -Dsun.security.krb5.debug=false S4U2selfGSS krb5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2selfGSS krb5
- * @run main/othervm -Dsun.security.krb5.debug=false S4U2selfGSS spnego
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dsun.security.krb5.debug=false S4U2selfGSS spnego
 */
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/SPNEGO.java
+++ b/test/sun/security/krb5/auto/SPNEGO.java
@@ -26,7 +26,7 @@
 * @bug 7040151
 * @summary SPNEGO GSS code does not parse tokens in accordance to RFC 2478
 * @compile -XDignore.symbol.file SPNEGO.java
- * @run main/othervm SPNEGO
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SPNEGO
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/SSL.java
+++ b/test/sun/security/krb5/auto/SSL.java
@@ -26,17 +26,17 @@
 * @bug 6894643 6913636 8005523 8025123
 * @summary Test JSSE Kerberos ciphersuite
- * @run main/othervm SSL TLS_KRB5_WITH_RC4_128_SHA
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_RC4_128_SHA
- * @run main/othervm SSL TLS_KRB5_WITH_RC4_128_SHA unbound
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_RC4_128_SHA unbound
- * @run main/othervm SSL TLS_KRB5_WITH_RC4_128_SHA unbound sni
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_RC4_128_SHA unbound sni
- * @run main/othervm SSL TLS_KRB5_WITH_3DES_EDE_CBC_SHA
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_3DES_EDE_CBC_SHA
- * @run main/othervm SSL TLS_KRB5_WITH_3DES_EDE_CBC_MD5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_3DES_EDE_CBC_MD5
- * @run main/othervm SSL TLS_KRB5_WITH_DES_CBC_SHA
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_DES_CBC_SHA
- * @run main/othervm SSL TLS_KRB5_WITH_DES_CBC_MD5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_WITH_DES_CBC_MD5
- * @run main/othervm SSL TLS_KRB5_EXPORT_WITH_RC4_40_SHA
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_EXPORT_WITH_RC4_40_SHA
- * @run main/othervm SSL TLS_KRB5_EXPORT_WITH_RC4_40_MD5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_EXPORT_WITH_RC4_40_MD5
- * @run main/othervm SSL TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
- * @run main/othervm SSL TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SSL TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
 */
 import java.io.*;
 import java.security.Permission;

--- a/test/sun/security/krb5/auto/SaslBasic.java
+++ b/test/sun/security/krb5/auto/SaslBasic.java
@@ -26,8 +26,8 @@
 * @bug 7110803
 * @summary SASL service for multiple hostnames
 * @compile -XDignore.symbol.file SaslBasic.java
- * @run main/othervm SaslBasic bound
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SaslBasic bound
- * @run main/othervm SaslBasic unbound
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SaslBasic unbound
 */
 import java.io.IOException;
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/SaslGSS.java
+++ b/test/sun/security/krb5/auto/SaslGSS.java
@@ -27,7 +27,7 @@
 * @summary SASL: auth-conf negotiated, but unencrypted data is accepted,
  *         reset to unencrypt
 * @compile -XDignore.symbol.file SaslGSS.java
- * @run main/othervm SaslGSS
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SaslGSS
 */
 import javax.security.auth.callback.Callback;

--- a/test/sun/security/krb5/auto/SaslUnbound.java
+++ b/test/sun/security/krb5/auto/SaslUnbound.java
@@ -26,11 +26,11 @@
 * @bug 8001104
 * @summary Unbound SASL service: the GSSAPI/krb5 mech
 * @compile -XDignore.symbol.file SaslUnbound.java
- * @run main/othervm SaslUnbound 0
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SaslUnbound 0
- * @run main/othervm/fail SaslUnbound 1
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock SaslUnbound 1
- * @run main/othervm/fail SaslUnbound 2
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock SaslUnbound 2
- * @run main/othervm/fail SaslUnbound 3
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock SaslUnbound 3
- * @run main/othervm/fail SaslUnbound 4
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock SaslUnbound 4
 */
 import java.io.IOException;
 import java.util.Arrays;

--- a/test/sun/security/krb5/auto/SpnegoLifeTime.java
+++ b/test/sun/security/krb5/auto/SpnegoLifeTime.java
@@ -26,7 +26,7 @@
 * @bug 8000653
 * @summary SPNEGO tests fail at context.getDelegCred().getRemainingInitLifetime(mechOid)
 * @compile -XDignore.symbol.file SpnegoLifeTime.java
- * @run main/othervm SpnegoLifeTime
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SpnegoLifeTime
 */
 import org.ietf.jgss.Oid;

--- a/test/sun/security/krb5/auto/SpnegoReqFlags.java
+++ b/test/sun/security/krb5/auto/SpnegoReqFlags.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6815182
- * @run main/othervm SpnegoReqFlags
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock SpnegoReqFlags
 * @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library
 */

--- a/test/sun/security/krb5/auto/TcpTimeout.java
+++ b/test/sun/security/krb5/auto/TcpTimeout.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 6952519
 * @compile -XDignore.symbol.file TcpTimeout.java
- * @run main/othervm TcpTimeout
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TcpTimeout
 * @summary kdc_timeout is not being honoured when using TCP
 */

--- a/test/sun/security/krb5/auto/Test5653.java
+++ b/test/sun/security/krb5/auto/Test5653.java
@@ -24,7 +24,7 @@
 /*
 * @test
 * @bug 6895424
- * @run main/othervm Test5653
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock Test5653
 * @summary RFC 5653
 */

--- a/test/sun/security/krb5/auto/TicketSName.java
+++ b/test/sun/security/krb5/auto/TicketSName.java
@@ -26,7 +26,7 @@
 * @bug 8178794
 * @summary krb5 client should ignore sname in incoming tickets
 * @compile -XDignore.symbol.file TicketSName.java
- * @run main/othervm -Dtest.kdc.diff.sname TicketSName
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -Dtest.kdc.diff.sname TicketSName
 */
 import sun.security.jgss.GSSUtil;

--- a/test/sun/security/krb5/auto/TwoOrThree.java
+++ b/test/sun/security/krb5/auto/TwoOrThree.java
@@ -26,11 +26,11 @@
 * @bug 8005447
 * @summary default principal can act as anyone
 * @compile -XDignore.symbol.file TwoOrThree.java
- * @run main/othervm TwoOrThree first first
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TwoOrThree first first
- * @run main/othervm/fail TwoOrThree first second
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock TwoOrThree first second
- * @run main/othervm TwoOrThree - first
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TwoOrThree - first
- * @run main/othervm TwoOrThree - second
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TwoOrThree - second
- * @run main/othervm/fail TwoOrThree - third
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock TwoOrThree - third
 */
 import java.nio.file.Files;

--- a/test/sun/security/krb5/auto/TwoPrinces.java
+++ b/test/sun/security/krb5/auto/TwoPrinces.java
@@ -25,7 +25,7 @@
 * @test
 * @bug 6894072
 * @compile -XDignore.symbol.file TwoPrinces.java
- * @run main/othervm TwoPrinces
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TwoPrinces
 * @summary always refresh keytab
 */

--- a/test/sun/security/krb5/auto/TwoTab.java
+++ b/test/sun/security/krb5/auto/TwoTab.java
@@ -26,7 +26,7 @@
 * @bug 7152176
 * @summary More krb5 tests
 * @compile -XDignore.symbol.file TwoTab.java
- * @run main/othervm TwoTab
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TwoTab
 */
 import java.io.File;

--- a/test/sun/security/krb5/auto/UdpTcp.java
+++ b/test/sun/security/krb5/auto/UdpTcp.java
@@ -24,8 +24,8 @@
 /*
 * @test
 * @bug 4966382 8039132
- * @run main/othervm UdpTcp UDP
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UdpTcp UDP
- * @run main/othervm UdpTcp TCP
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UdpTcp TCP
 * @summary udp or tcp
 */

--- a/test/sun/security/krb5/auto/UnboundSSL.java
+++ b/test/sun/security/krb5/auto/UnboundSSL.java
@@ -34,9 +34,9 @@ import javax.security.auth.login.LoginException;
 * @bug 8025123
 * @summary Checks if an unbound server can handle connections
 *          only for allowed service principals
- * @run main/othervm/java.security.policy=unbound.ssl.policy UnboundSSL
+ * @run main/othervm/java.security.policy=unbound.ssl.policy -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSL
 *                              unbound.ssl.jaas.conf server_star
- * @run main/othervm/java.security.policy=unbound.ssl.policy UnboundSSL
+ * @run main/othervm/java.security.policy=unbound.ssl.policy -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSL
 *                              unbound.ssl.jaas.conf server_multiple_principals
 */
 public class UnboundSSL {

--- a/test/sun/security/krb5/auto/UnboundSSLMultipleKeys.java
+++ b/test/sun/security/krb5/auto/UnboundSSLMultipleKeys.java
@@ -33,9 +33,9 @@ import javax.security.auth.login.LoginException;
 * @test
 * @bug 8025123
 * @summary Checks if an unbound server pick up a correct key from keytab
- * @run main/othervm UnboundSSLMultipleKeys
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSLMultipleKeys
 *                              unbound.ssl.jaas.conf server_star
- * @run main/othervm UnboundSSLMultipleKeys
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSLMultipleKeys
 *                              unbound.ssl.jaas.conf server_multiple_principals
 */
 public class UnboundSSLMultipleKeys {

--- a/test/sun/security/krb5/auto/UnboundSSLPrincipalProperty.java
+++ b/test/sun/security/krb5/auto/UnboundSSLPrincipalProperty.java
@@ -33,9 +33,9 @@ import javax.security.auth.login.LoginException;
 * @bug 8025123
 * @summary Checks if an unbound server uses a service principal
 *          from sun.security.krb5.principal system property if specified
- * @run main/othervm UnboundSSLPrincipalProperty
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSLPrincipalProperty
 *                              unbound.ssl.jaas.conf server_star
- * @run main/othervm UnboundSSLPrincipalProperty
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundSSLPrincipalProperty
 *                              unbound.ssl.jaas.conf server_multiple_principals
 */
 public class UnboundSSLPrincipalProperty {

--- a/test/sun/security/krb5/auto/UnboundService.java
+++ b/test/sun/security/krb5/auto/UnboundService.java
@@ -26,14 +26,14 @@
 * @bug 8001104
 * @summary Unbound SASL service: the GSSAPI/krb5 mech
 * @compile -XDignore.symbol.file UnboundService.java
- * @run main/othervm UnboundService null null
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService null null
- * @run main/othervm UnboundService server/host.rabbit.hole null
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService server/host.rabbit.hole null
- * @run main/othervm UnboundService server/host.rabbit.hole@RABBIT.HOLE null
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService server/host.rabbit.hole@RABBIT.HOLE null
- * @run main/othervm/fail UnboundService backend/host.rabbit.hole null
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService backend/host.rabbit.hole null
- * @run main/othervm UnboundService null server@host.rabbit.hole
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService null server@host.rabbit.hole
- * @run main/othervm UnboundService server/host.rabbit.hole server@host.rabbit.hole
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService server/host.rabbit.hole server@host.rabbit.hole
- * @run main/othervm UnboundService server/host.rabbit.hole@RABBIT.HOLE server@host.rabbit.hole
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService server/host.rabbit.hole@RABBIT.HOLE server@host.rabbit.hole
- * @run main/othervm/fail UnboundService backend/host.rabbit.hole server@host.rabbit.hole
+ * @run main/othervm/fail -Dsun.net.spi.nameservice.provider.1=ns,mock UnboundService backend/host.rabbit.hole server@host.rabbit.hole
 */
 import java.io.File;

--- a/test/sun/security/krb5/auto/UseCacheAndStoreKey.java
+++ b/test/sun/security/krb5/auto/UseCacheAndStoreKey.java
@@ -27,7 +27,7 @@
 * @summary Krb5LoginModule shows NPE when both useTicketCache and storeKey
 *          are set to true
 * @compile -XDignore.symbol.file UseCacheAndStoreKey.java
- * @run main/othervm UseCacheAndStoreKey
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UseCacheAndStoreKey
 */
 import java.io.FileOutputStream;

--- a/test/sun/security/krb5/auto/W83.java
+++ b/test/sun/security/krb5/auto/W83.java
@@ -26,8 +26,8 @@
 * @bug 6932525 6951366 6959292
 * @summary kerberos login failure on win2008 with AD set to win2000 compat mode
 * and cannot login if session key and preauth does not use the same etype
- * @run main/othervm -D6932525 W83
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -D6932525 W83
- * @run main/othervm -D6959292 W83
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock -D6959292 W83
 */
 import com.sun.security.auth.module.Krb5LoginModule;
 import java.io.File;