[9] RFR: 8075297: Tests for RFEs 4515853 and 4745056

Weijun Wang weijun.wang at oracle.com
Fri Jul 17 01:19:33 UTC 2015


One final point.

You have the timeout set to 5 minutes in

+ * @run main/othervm/timeout=300 BogusKDC

Did you observe the test spending a lot of time?  A kerberos client is 
designed to timeout after 30 seconds if there is no reply from a KDC but 
sometimes it could be very fast if the KDC does not exist (i.e. not 
listening on the port at all). Sometimes it could be even slower if the 
client believes the KDC is there and it will retry for 3 times. This can 
also be platform dependent, for example, on Mac there is no 
PortUnreachableException.

I suggest you add a "max_retries = 1" to [libdefaults] of krb5.conf in 
case the worst thing happens. You can also add "kdc_timeout = 10s". 
Don't make it too short, some embedded Linux are very slow.

I am trying to drag the review process longer so you can push it 
yourself. :-)

Thanks
Max

On 07/17/2015 05:05 AM, Artem Smotrakov wrote:
> Hi Max,
>
> Good point, please see an updated webrev:
>
> http://cr.openjdk.java.net/~asmotrak/8075297/webrev.01/
>
> Artem
>
>


More information about the security-dev mailing list