One question:
In DflCache.java, you mentioned that the old style block is always
created even if a new style is available.
When both are present, Is it always new style before old one? The impl
in DflCache.java seems to assume this.
Thanks,
Valerie
On 05/28/13 01:45, Weijun Wang wrote:
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8001326/webrev.00/
Two new system properties are introduced. sun.security.krb5.rcache to
control what rcache type should be used. Besides the original one
(which does not need this system property to be set), we support dfl
and none now. Also, sun.security.krb5.acceptor.subkey can be set to
true to let acceptor generate a sub-key, so that even if a replayed
authenticator is not detected, a replayed message won't work.
Thanks
Max
