> On Nov 18, 2014, at 07:43, Valerie Peng <valerie.p...@oracle.com> wrote:
> 
> 
> The default value 0 for the "renew_lifetime" is documented in MIT's Kerberos 
> conf documentation. 
> http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
> However, I am not sure how this 0 value should be interpreted/handled.

From what I observe, MIT kinit by default sends a null rtime. So it is the same 
as us.

On the other hand, MIT kinit sets RENEWABLE_OK by default, so it always receives a 
renewable ticket and the renewable lifetime set by the KDC. In Java, we only set it 
when "renewable = true" is included in krb5.conf (see KDCOptions::setDefault), 
so by default Java kinit gets a non-renewable ticket.

Thanks
Max


> Valerie
> On 11/17/2014 12:23 AM, Wang Weijun wrote:
>>> On Nov 15, 2014, at 09:25, Valerie Peng<valerie.p...@oracle.com>  wrote:
>>> 
>>> Max,
>>> 
>>> Most looks fine, just some questions.
>>> 
>>> - Kinit.java: line 56, it should be 
>>> "sun.security.krb5.internal.tools.Kinit"?
>> Correct.
>> 
>>> - Kinit.java: for the switch block from 135 - 142: add a default case to 
>>> catch illegal values?
>> Done.
>> 
>>> - Kinit.java: line 163, doesn't the credentials cache exist already?
>> This line would remove all existing service tickets so they will be 
>> re-acquired using the new TGT. I copied this behavior from other vendors.
>> 
>>> - KrbAsReq.java: line 128, what if rtime is 0 (default value)?
>> Not sure if I understand. There is no default value for "renew_lifetime". If 
>> it does not exist inside krb5.conf, then rtime is not reassigned, which is 
>> still null.
>> 
>>> - KDC.java: line 879-883, how can you be sure that there is always more 
>>> than 1 eType and that the 2nd eType is supported?
>> I'll throw KDC_ERR_ETYPE_NOSUPP.
>> 
>> Thanks
>> Max
>> 
>>> Valerie
>>> 
>>> On 11/6/2014 10:31 AM, Valerie Peng wrote:
>>>> OK, I will take a look.
>>>> 
>>>> Thanks,
>>>> Valerie
>>>> 
>>>> On 11/5/2014 10:04 PM, Wang Weijun wrote:
>>>>> Ping ping...
>>>>> 
>>>>>> On Oct 20, 2014, at 13:22, Wang Weijun<weijun.w...@oracle.com>   wrote:
>>>>>> 
>>>>>> Can anyone take a look?
>>>>>> 
>>>>>>> On Sep 25, 2014, at 18:54, Wang Weijun<weijun.w...@oracle.com>   wrote:
>>>>>>> 
>>>>>>> Hi All
>>>>>>> 
>>>>>>> Please review the code change at
>>>>>>> 
>>>>>>> http://cr.openjdk.java.net/~weijun/8044500/webrev.00
>>>>>>> 
>>>>>>> It adds support for ticket_lifetime and renew_lifetime in krb5.conf, 
>>>>>>> and adds -r -l -R to kinit (on Windows).
>>>>>>> 
>>>>>>> Thanks
>>>>>>> Max
>>>>>>> 
