Code review request: 8001326: Improve Kerberos replay caching

Weijun Wang weijun.wang at oracle.com
Thu Jun 6 01:32:29 UTC 2013


On 5/31/13 9:16 AM, Valerie (Yu-Ching) Peng wrote:

One question: In DflCache.java, you mentioned that the old style block is always created even if a new style is available. When both are present, is it always new style before old one? The impl in DflCache.java seems to assume this.

Yes. This is also what MIT krb5 does. I can add a comment on it.

Thanks,
Max

Thanks, Valerie

On 05/28/13 01:45, Weijun Wang wrote:

Please review the code changes at

http://cr.openjdk.java.net/~weijun/8001326/webrev.00/

Two new system properties are introduced. sun.security.krb5.rcache to control what rcache type should be used. Besides the original one (which does not need this system property to be set), we support dfl and none now. Also, sun.security.krb5.acceptor.subkey can be set to true to let acceptor generate a sub-key, so that even if a replayed authenticator is not detected, a replayed message won't work.

Thanks,
Max


