Code review request: 8001326: Improve Kerberos replay caching

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Fri May 31 01:16:02 UTC 2013


One question:
In DflCache.java, you mentioned that the old style block is always 
created even if a new style is available.
When both are present, is it always new style before old one? The impl 
in DflCache.java seems to assume this.
Thanks,
Valerie

On 05/28/13 01:45, Weijun Wang wrote:
> Please review the code changes at
>
>    http://cr.openjdk.java.net/~weijun/8001326/webrev.00/
>
> Two new system properties are introduced. sun.security.krb5.rcache to 
> control what rcache type should be used. Besides the original one 
> (which does not need this system property to be set), we support dfl 
> and none now. Also, sun.security.krb5.acceptor.subkey can be set to 
> true to let acceptor generate a sub-key, so that even if a replayed 
> authenticator is not detected, a replayed message won't work.
>
> Thanks
> Max



