Can you give an estimate of when, or in which version, this might be
available?


On Tue, Mar 5, 2013 at 7:16 AM, Weijun Wang <weijun.w...@oracle.com> wrote:

> Hi Vipul
>
> No, we don't have such a setting now but we are considering adding one,
> most likely using a krb5.conf key-value pair.
>
> Thanks
> Max
>
>
>
> On 3/4/13 1:23 PM, Vipul Mehta wrote:
>
>> Hi,
>>
>> I want to disable the replay cache during context establishment in
>> Kerberos (JGSS) to avoid the "Request is a replay (34)" exception. JGSS
>> provides the method requestReplayDet() to be called on the initiator side,
>> but this works only to detect replay of tokens passed after context
>> establishment. context.requestReplayDet(false) doesn't prevent the
>> replay exception during context establishment.
>>
>> I am using a separate context for each thread. For replay detection, JGSS
>> just checks if multiple context establishment requests from a client have
>> the same timestamp in the authenticator. With several threads using the same
>> client principal, it may happen that the replay attack detected is a false
>> positive.
>>
>> MIT Kerberos provides a way to disable the replay cache by setting
>> KRB5RCACHENAME=none in environment variables. In JGSS, it looks like
>> there is no such thing.
>>
>>
>> --
>> Regards,
>> Vipul
>>
>


-- 
Regards,
Vipul
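
A simplified model of the collision described in the quoted message, as an added example that is not part of the thread and is not JDK or MIT code: an acceptor cache keyed on the RFC 4120 authenticator fields (client, ctime, cusec) treats two distinct requests carrying the same timestamp as a replay. The class names, the principal, the timestamp and the `UniqueMicros` initiator-side clock are assumptions made for illustration; records need Java 16 or later.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;

public class ReplayCacheModel {
    // Fields of the authenticator that a replay cache compares (hypothetical model type).
    record Authenticator(String client, long ctimeSec, int cusec) {}

    // Acceptor side: remembers every authenticator presented so far.
    static final class ReplayCache {
        private final Set<Authenticator> seen = ConcurrentHashMap.newKeySet();
        // True when the authenticator is new; false is what surfaces as error 34.
        boolean accept(Authenticator a) { return seen.add(a); }
    }

    // Initiator side (assumed design): never issue the same microsecond twice,
    // even when several threads read the wall clock at the same instant.
    static final class UniqueMicros {
        private final AtomicLong last = new AtomicLong();
        long next(long nowMicros) {
            return last.updateAndGet(prev -> Math.max(prev + 1, nowMicros));
        }
    }

    static Authenticator at(String client, long micros) {
        return new Authenticator(client, micros / 1_000_000, (int) (micros % 1_000_000));
    }

    public static void main(String[] args) {
        String client = "svc@EXAMPLE.COM";      // constructed principal
        long now = 1_362_400_000_000_000L;      // constructed clock reading, microseconds

        // Case 1: two threads build authenticators from the same clock reading.
        // The requests are distinct, but the cache key is identical.
        ReplayCache cache = new ReplayCache();
        System.out.println("thread A accepted: " + cache.accept(at(client, now)));
        System.out.println("thread B accepted: " + cache.accept(at(client, now)));

        // Case 2: the same two threads draw timestamps from a shared monotonic source.
        ReplayCache cache2 = new ReplayCache();
        UniqueMicros clock = new UniqueMicros();
        System.out.println("thread A accepted: " + cache2.accept(at(client, clock.next(now))));
        System.out.println("thread B accepted: " + cache2.accept(at(client, clock.next(now))));

        // Re-presenting thread A's authenticator is still caught by the cache.
        System.out.println("replayed A accepted: " + cache2.accept(at(client, now)));
    }
}
```

In this model the false positive is removed by making timestamps unique at the source, so the acceptor's replay cache stays enabled and continues to reject a re-presented authenticator.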
