[security-dev 01452]: code reviewer request: 6844193: support max_retries in krb5.conf
Weijun.Wang at Sun.COM
Wed Dec 9 00:00:06 PST 2009
Another RFE, please take a review:
Basically, this RFE allows max_retries, kdc_timeout, and
udp_preference_limit to be configurable in three layers:
1. hard coded defaults in JRE
2. global values in krb5.conf's [libdefaults]
3. realm-specific in krb5.conf's [realms]
Currently, max_retries is simply not configurable,
udp_preference_limit can only be configured globally, and kdc_timeout
can be configured to be realm-specific. This RFE put them in the same
This RFE is for OpenJDK 7 only.
On Dec 9, 2009, at 11:54 AM, Max (Weijun) Wang wrote:
> Hi Valerie
> Webrev updated:
> 1. Add synchronized modifier to all methods
> 2. s/PreferredKDCList/KdcAccessbility/g
> 3. s/goodkdcs/list/g
> Hi All
> I need another code reviewer, want to backport it to 6u20.
> The bug is at --
> The description of the fix is at --
> On Dec 9, 2009, at 8:59 AM, Valerie Peng wrote:
>> Hi, Max,
>> Ok, it sounds like there isn't an easy way to centralize the KDC
>> accessibility policy, timeout, and the number of retries. Let's
>> just leave it as is then.
>> Your changes generally looks fine and here are my only comments:
>> 1. PreferredKDCList.bads is of type HashSet whose access needs to
>> be explicitly synchronized?
>> 2. Some nitpicking on naming, it seems somewhat confusing to name
>> the class "PreferredKDCList" when it includes all kdcs for that
>> specific realm. Maybe something like "KdcAvailability",
>> "KdcAccessibility", or "KdcByAvailability", etc. Same goes for the
>> local variable "goodkdcs" in its list(String) method which actually
>> contains all kdcs for the specific realm in the end.
>> On 11/22/09 22:10, Max (Weijun) Wang wrote:
More information about the security-dev