[9] RFR: 8075297: Tests for RFEs 4515853 and 4745056

Weijun Wang weijun.wang at oracle.com
Fri Jul 17 01:19:33 UTC 2015

One final point.

You have the timeout set to 5 minutes in

+ * @run main/othervm/timeout=300 BogusKDC

Did you observe the test spending a lot of time?  A kerberos client is 
designed to timeout after 30 seconds if there is no reply from a KDC but 
sometimes it could be very fast if the KDC does not exist (i.e. not 
listening on the port at all). Sometimes it could be even slower if the 
client believes the KDC is there and it will retry for 3 times. This can 
also be platform dependent, for example, on Mac there is no 

I suggest you add a "max_retries = 1" to [libdefaults] of krb5.conf in 
case the worst thing happens. You can also add "kdc_timeout = 10s". 
Don't make it too short, some embedded Linux are very slow.

I am trying to drag the review process longer so you can push it 
yourself. :-)


On 07/17/2015 05:05 AM, Artem Smotrakov wrote:
> Hi Max,
> Good point, please see an updated webrev:
> http://cr.openjdk.java.net/~asmotrak/8075297/webrev.01/
> Artem

More information about the security-dev mailing list