Are you OK with this difference?

Thanks
Max

> On Nov 18, 2014, at 15:02, Wang Weijun <weijun.w...@oracle.com> wrote:
>
>> On Nov 18, 2014, at 07:43, Valerie Peng <valerie.p...@oracle.com> wrote:
>>
>> The default value 0 for the "renew_lifetime" is documented in MIT's Kerberos
>> conf documentation.
>> http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
>> However, I am not sure how this 0 value should be interpreted/handled.
>
> From what I observe, MIT kinit by default sends a null rtime. So it is the
> same as us.
>
> On the other hand, MIT kinit default sets RENEWABLE_OK, so it always receives
> a renewable ticket and the renewable lifetime set by KDC. In Java, we only
> set it when "renewable = true" is included in krb5.conf (see
> KDCOptions::setDefault), so by default java kinit gets a non-renewable ticket.
>
> Thanks
> Max
>
>> Valerie
>>
>> On 11/17/2014 12:23 AM, Wang Weijun wrote:
>>>> On Nov 15, 2014, at 09:25, Valerie Peng <valerie.p...@oracle.com> wrote:
>>>>
>>>> Max,
>>>>
>>>> Most looks fine, just some questions.
>>>>
>>>> - Kinit.java: line 56, it should be
>>>> "sun.security.krb5.internal.tools.Kinit"?
>>> Correct.
>>>
>>>> - Kinit.java: for the switch block from 135 - 142: add a default case to
>>>> catch illegal values?
>>> Done.
>>>
>>>> - Kinit.java: line 163, doesn't the credentials cache exist already?
>>> This line would remove all existing service tickets so they will be
>>> re-acquired using the new TGT. I copied this behavior from other vendors.
>>>
>>>> - KrbAsReq.java: line 128, what if rtime is 0 (default value)?
>>> Not sure if I understand. There is no default value for "renew_lifetime".
>>> If it does not exist inside krb5.conf, then rtime is not reassigned, which
>>> is still null.
>>>
>>>> - KDC.java: line 879-883, how can you be sure that there is always more
>>>> than 1 eType and that the 2nd eType is supported.
>>> I'll throw KDC_ERR_ETYPE_NOSUPP.
>>>
>>> Thanks
>>> Max
>>>
>>>> Valerie
>>>>
>>>> On 11/6/2014 10:31 AM, Valerie Peng wrote:
>>>>> OK, I will take a look.
>>>>>
>>>>> Thanks,
>>>>> Valerie
>>>>>
>>>>> On 11/5/2014 10:04 PM, Wang Weijun wrote:
>>>>>> Ping ping...
>>>>>>
>>>>>>> On Oct 20, 2014, at 13:22, Wang Weijun <weijun.w...@oracle.com> wrote:
>>>>>>>
>>>>>>> Anyone can take a look?
>>>>>>>
>>>>>>>> On Sep 25, 2014, at 18:54, Wang Weijun <weijun.w...@oracle.com> wrote:
>>>>>>>>
>>>>>>>> Hi All
>>>>>>>>
>>>>>>>> Please review the code change at
>>>>>>>>
>>>>>>>> http://cr.openjdk.java.net/~weijun/8044500/webrev.00
>>>>>>>>
>>>>>>>> It adds support for ticket_lifetime and renew_lifetime in krb5.conf,
>>>>>>>> and add -r -l -R to kinit (on Windows).
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Max