Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8208400

Offer static access to kdc_timeout, max_retries and udp_preference_limit

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Won't Fix
    • Affects Version/s: 8u172
    • Fix Version/s: None
    • Component/s: security-libs

      Description

      Since the KDC retrieval can be wrong ( See https://bugs.openjdk.java.net/browse/JDK-8208295), if the system is trying to query a wrong KDC, it will have to wait by default 3 retry of 30 seconds, see KdcComm.java :
       defaultKdcTimeout = timeout > 0 ? timeout : 30*1000; // 30 seconds
              defaultKdcRetryLimit =
                      max_retries > 0 ? max_retries : Krb5.KDC_RETRY_LIMIT;
      Where KDC_RETRY_LIMIT = 3

      In Config.java, you can easily specify a kdc list with "java.security.krb5.kdc" or a realm with "java.security.krb5.realm". However, nothing is possible for the kdc_timeout.

      The only work-around right now is to manually produce a krb5.conf file, and give it to Java before any initialisation happen.

      We should have a static API, or a System property (also I'm not too fond of that) in order to change these values easily without loading a krb5.conf file.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                shadzic Samir Hadzic
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: