The default value 0 for the "renew_lifetime" is documented in MIT's
Kerberos conf documentation.
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
However, I am not sure how this 0 value should be interpreted/handled.
Valerie
On 11/17/2014 12:23 AM, Wang Weijun wrote:
On Nov 15, 2014, at 09:25, Valerie Peng<valerie.p...@oracle.com> wrote:
Max,
Most looks fine, just some questions.
- Kinit.java: line 56, it should be "sun.security.krb5.internal.tools.Kinit"?
Correct.
- Kinit.java: for the switch block from 135 - 142: add a default case to catch
illegal values?
Done.
- Kinit.java: line 163, doesn't the credentials cache exist already?
This line would remove all existing service tickets so they will be re-acquired
using the new TGT. I copied this behavior from other vendors.
- KrbAsReq.java: line 128, what if rtime is 0 (default value)?
Not sure if I understand. There is no default value for "renew_lifetime". If it
does not exist inside krb5.conf, then rtime is not reassigned, which is still null.
- KDC.java: line 879-883, how can you be sure that there is always more than 1
eType and that the 2nd eType is supported.
I'll throw KDC_ERR_ETYPE_NOSUPP.
Thanks
Max
Valerie
On 11/6/2014 10:31 AM, Valerie Peng wrote:
OK, I will take a look.
Thanks,
Valerie
On 11/5/2014 10:04 PM, Wang Weijun wrote:
Ping ping...
On Oct 20, 2014, at 13:22, Wang Weijun<weijun.w...@oracle.com> wrote:
Anyone can take a look?
On Sep 25, 2014, at 18:54, Wang Weijun<weijun.w...@oracle.com> wrote:
Hi All
Please review the code change at
http://cr.openjdk.java.net/~weijun/8044500/webrev.00
It adds support for ticket_lifetime and renew_lifetime in krb5.conf, and add -r
-l -R to kinit (on Windows).
Thanks
Max
