code review request: 7162687: enhance KDC server availability detection

Weijun Wang at
Wed Apr 18 20:21:03 PDT 2012

Hi Valerie

Please take a review at

Basically I add a connect() before send/receive and if a KDC UDP server 
is not on, an ICMP Port Unreachable message will be received 
immediately, and there will be no more retry on the same KDC.

In the tests, an idle DatagramSocket must be created to avoid the ICMP 
message being sent. I also enhance the BadKdc tests to check the new 
behavior: When no idle DatagramSocket is created, there are no more 
retries on the same KDC, but you can still see krb5.kdc.bad.policy working.


-------- Original Message --------
*Change Request ID*: 7162687
*Synopsis*: enhance KDC server availability detection

   Product: java
   Category: java
   Subcategory: classes_security
   Type: RFE

=== *Description* 
Currently if there are multiple KDCs defined for a realm, we send UDP 
request to each one and wait for reply, when no reply is received, we 
retry. After several unsuccessful retries, we go on to the next KDC. The 
timeout for the wait is normally 30 seconds. If the KDCs defined are not 
all turned on, the time spent to finally get a response might be very 
long. This is especially true for customers having a main KDC and 
several slave KDCs and the main KDC is in maintenance.

In fact, there is a better way to detect if the KDC server is on by 
connect() to it first. In this way, an IMCP PortUnreachableException 
will be thrown in a later send/receive method immediately. Also, when 
this exception is thrown, we can be sure that the KDC server is off and 
there is no need to retry this one.

Please note that if a KDC is on but for various reasons it cannot reply 
in a timely manner, we will still wait for the timeout and do a retry.

*** (#1 of 1): 2012-04-19 02:56:04 GMT+00:00 at
*** Last Edit: 2012-04-19 02:57:44 GMT+00:00 at

More information about the security-dev mailing list