I cannot guarantee a time, maybe within a month in jdk8, and the next
jdk7u release after it appears in 8.
-Max
On 3/5/13 5:16 PM, Vipul Mehta wrote:
Can you give an estimate about when or in which version this might be
available ?
On Tue, Mar 5, 2013 at 7:16 AM, Weijun Wang <weijun.w...@oracle.com
<mailto:weijun.w...@oracle.com>> wrote:
Hi Vipul
No, we don't have such a setting now but we are considering adding
one, most likely using a krb5.conf key-value pair.
Thanks
Max
On 3/4/13 1:23 PM, Vipul Mehta wrote:
Hi,
I want to disable the replay cache during context establishment in
Kerberos ( JGSS ) to avoid Request is a replay (34) exception. JGSS
provides the method requestReplayDet() to be called on initiator
side
but this works only to detect replay of tokens passed after context
establishment. context.requestReplayDet(__false) doesn't prevent the
replay exception during context establishment.
I am using separate context for each thread. For replay
detection, JGSS
just checks if multiple context establishment request from a
client has
same timestamp in authenticator. With several threads using the same
client principal, it may happen that the replay attack detected
is false
positive.
MIT kerberos provides a way to disable replay cache by setting
KRB5RCACHENAME=none in environment variables. In JGSS, it looks like
there is no such thing.
--
Regards,
Vipul
--
Regards,
Vipul
