Hi Chris
A new webrev is created at
http://cr.openjdk.java.net/~weijun/6578647/webrev.01
Now all HttpCallerInfo creations are inline, so the diff is much
clearer. There's one place I didn't call toLowerCase(), the call is
moved into NegotiatorImpl right before the service principal name
Hi Valerie
Another RFE, please take a review:
http://cr.openjdk.java.net/~weijun/6844193/webrev.02/
Basically, this RFE allows max_retries, kdc_timeout, and
udp_preference_limit to be configurable in three layers:
1. hard coded defaults in JRE
2. global values in krb5.conf's [libdef
Hi Guys
What's the best way to find out what ProtectionDomains are effective
currently (or for a given AccessControlContext)?
For "effective", I mean those since the last doPrivileged call.
Thanks
Max
Hi All
I've tried to disable realm name case check in JDK (equals ->
equalsIgnoreCase), and it works. In fact, I do several experiments to
change the case of principal names, realm names, service names and
hostnames, and MSAD just doesn't care. This is another case of
Microsoft's long term habit o
Hi All
Current sun.security.krb5.Credentials's acquireTGTFromCache method looks
like --
Cred acquireTGTFromCache(princ, fcache) {
if (fcache not specified) {
if (Windows) {
cred = function {
get default TGT from default file cache;
if (found && etypeSupported) return i
Hi Everyone
We, the Java SE security group at Sun, are planning to do some
performance analysis on various security components in Java. The first
target is JSSE. I'm thinking of JGSS/Kerberos and AccessController
permission check also.
Do you have any particular experiences (or known issues, with
Is there a name list for "Reviewed-by"?
Thanks
Max
Hi Asaf
Thanks for watching the list. :)
Basically I want to encode "HTTP on host.server.com" into a service
principal like "HTTP/[EMAIL PROTECTED]".
By changing the nameType to GSSName.NT_HOSTBASED_SERVICE, it means the
underlying Kerberos principal should be of the NT-SRV-HST type.
According t
