Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
9
Description
Kerberos 5 enhancements for http://download.java.net/jdk9/docs/technotes/guides/security/jgss/jgss-api-mechanism.html. In "Supported krb5.conf Settings":
1. Update "In Java SE 7" to "In Java SE 9".
2. Prepend the following 2 lines before "[libdefaults]":
include FILENAME
includedir DIRNAME
3. Add 3 new lines at the end of the "[libdefaults]" section:
max_retries =
renew_lifetime =
ticket_lifetime =
4. Update the "[realms]" section to
[realms]
REALM.NAME = {
kdc =
kdc_timeout =
udp_preference_limit =
max_retries =
}
5. In the default values part, update these values:
udp_preference_limit from -1 to "1465 (-1 in JDK 7)"
kdc_timeout from "30000" to "30s (30000 in JDK 7)"
dns_lookup_realm from true to false, and remove the "(false in JDK 6)" words
1. Update "In Java SE 7" to "In Java SE 9".
2. Prepend the following 2 lines before "[libdefaults]":
include FILENAME
includedir DIRNAME
3. Add 3 new lines at the end of the "[libdefaults]" section:
max_retries =
renew_lifetime =
ticket_lifetime =
4. Update the "[realms]" section to
[realms]
REALM.NAME = {
kdc =
kdc_timeout =
udp_preference_limit =
max_retries =
}
5. In the default values part, update these values:
udp_preference_limit from -1 to "1465 (-1 in JDK 7)"
kdc_timeout from "30000" to "30s (30000 in JDK 7)"
dns_lookup_realm from true to false, and remove the "(false in JDK 6)" words
Attachments
Issue Links
- relates to
-
JDK-8036779 sun.security.krb5.KdcComm interprets kdc_timeout as msec instead of sec
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-