Code review request: 8001326: Improve Kerberos replay caching
Weijun Wang
weijun.wang at oracle.com
Tue May 28 08:45:26 UTC 2013
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8001326/webrev.00/
Two new system properties are introduced. sun.security.krb5.rcache to
control what rcache type should be used. Besides the original one (which
does not need this system property to be set), we support dfl and none
now. Also, sun.security.krb5.acceptor.subkey can be set to true to let
acceptor generate a sub-key, so that even if a replayed authenticator is
not detected, a replayed message won't work.
Thanks
Max
More information about the security-dev
mailing list