Code review request: 8001326: Improve Kerberos replay caching

Weijun Wang weijun.wang at oracle.com
Tue May 28 08:45:26 UTC 2013


Please review the code changes at

    http://cr.openjdk.java.net/~weijun/8001326/webrev.00/

Two new system properties are introduced. sun.security.krb5.rcache to 
control what rcache type should be used. Besides the original one (which 
does not need this system property to be set), we support dfl and none 
now. Also, sun.security.krb5.acceptor.subkey can be set to true to let 
acceptor generate a sub-key, so that even if a replayed authenticator is 
not detected, a replayed message won't work.

Thanks
Max



More information about the security-dev mailing list