Code review request: 8001326: Improve Kerberos replay caching
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Fri May 31 01:16:02 UTC 2013
One question:
In DflCache.java, you mentioned that the old style block is always
created even if a new style is available.
When both are present, Is it always new style before old one? The impl
in DflCache.java seems to assume this.
Thanks,
Valerie
On 05/28/13 01:45, Weijun Wang wrote:
> Please review the code changes at
>
> http://cr.openjdk.java.net/~weijun/8001326/webrev.00/
>
> Two new system properties are introduced. sun.security.krb5.rcache to
> control what rcache type should be used. Besides the original one
> (which does not need this system property to be set), we support dfl
> and none now. Also, sun.security.krb5.acceptor.subkey can be set to
> true to let acceptor generate a sub-key, so that even if a replayed
> authenticator is not detected, a replayed message won't work.
>
> Thanks
> Max
More information about the security-dev
mailing list