[security-dev 01452]: code reviewer request: 6844193: support max_retries in krb5.conf
Max Wang
Weijun.Wang at Sun.COM
Wed Dec 9 08:00:06 UTC 2009
Hi Valerie
Another RFE, please take a review:
http://cr.openjdk.java.net/~weijun/6844193/webrev.02/
Basically, this RFE allows max_retries, kdc_timeout, and
udp_preference_limit to be configurable in three layers:
1. hard coded defaults in JRE
2. global values in krb5.conf's [libdefaults]
3. realm-specific in krb5.conf's [realms]
Currently, max_retries is simply not configurable,
udp_preference_limit can only be configured globally, and kdc_timeout
can be configured to be realm-specific. This RFE puts them at the same
level.
This RFE is for OpenJDK 7 only.
Thanks
Max
On Dec 9, 2009, at 11:54 AM, Max (Weijun) Wang wrote:
> Hi Valerie
>
> Webrev updated:
>
> http://cr.openjdk.java.net/~weijun/6843127/webrev.01
>
> 1. Add synchronized modifier to all methods
> 2. s/PreferredKDCList/KdcAccessbility/g
> 3. s/goodkdcs/list/g
>
> Hi All
>
> I need another code reviewer, want to backport it to 6u20.
>
> The bug is at --
>
> http://bugs.sun.com/view_bug.do?bug_id=6843127
>
> The description of the fix is at --
>
> http://cr.openjdk.java.net/~weijun/6843127/webrev.01/src/share/lib/security/java.security.cdiff.html
>
> Thanks
> Max
>
> On Dec 9, 2009, at 8:59 AM, Valerie Peng wrote:
>
>> Hi, Max,
>>
>> Ok, it sounds like there isn't an easy way to centralize the KDC
>> accessibility policy, timeout, and the number of retries. Let's
>> just leave it as is then.
>> Your changes generally look fine and here are my only comments:
>> <KrbKdcReq.java>
>> 1. PreferredKDCList.bads is of type HashSet whose access needs to
>> be explicitly synchronized?
>> 2. Some nitpicking on naming, it seems somewhat confusing to name
>> the class "PreferredKDCList" when it includes all kdcs for that
>> specific realm. Maybe something like "KdcAvailability",
>> "KdcAccessibility", or "KdcByAvailability", etc. Same goes for the
>> local variable "goodkdcs" in its list(String) method which actually
>> contains all kdcs for the specific realm in the end.
>>
>> Thanks,
>> Valerie
>>
>> On 11/22/09 22:10, Max (Weijun) Wang wrote:
> ....
>