JDK-8153932 : Update Kerberos 5 GSS-API Mechanism technotes
  • Type: Enhancement
  • Component: docs
  • Sub-Component: guides
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-04-11
  • Updated: 2016-08-23
  • Resolved: 2016-08-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9Fixed
Related Reports
Relates :  
Relates :  
Relates :  
Relates :  
Description
Kerberos 5 enhancements for http://download.java.net/jdk9/docs/technotes/guides/security/jgss/jgss-api-mechanism.html. In "Supported krb5.conf Settings":

1. Update "In Java SE 7" to "In Java SE 9".

2. Prepend the following 2 lines before "[libdefaults]":

  include FILENAME
  includedir DIRNAME

3. Add 3 new lines at the end of the "[libdefaults]" section:

  max_retries =
  renew_lifetime =
  ticket_lifetime =

4. Update the "[realms]" section to

  [realms]
    REALM.NAME = {
      kdc =
      kdc_timeout = 
      udp_preference_limit =
      max_retries = 
    }

5. In the default values part, update these values:

   udp_preference_limit from -1 to "1465 (-1 in JDK 7)"
   kdc_timeout from "30000" to "30s (30000 in JDK 7)"
   dns_lookup_realm from true to false, and remove the "(false in JDK 6)" words
   
Comments
Fix reviewed by Weijun Wang: http://review.us.oracle.com/review2/Review.html#reviewId=305101;scope;scope=document;status=open,fixed;documentId=1513936
23-08-2016