JDK-7162687 : enhance KDC server availability detection
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-04-19
  • Updated: 2017-12-21
  • Resolved: 2012-06-12
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 Other
8 b43Fixed openjdk7uFixed
Related Reports
Relates :  
JDK-7164518 - No PortUnreachableException when connecting to a non-existing DatagramSocket (mac)
Description
Currently if there are multiple KDCs defined for a realm, we send UDP request to each one and wait for reply, when no reply is received, we retry. After several unsuccessful retries, we go on to the next KDC. The timeout for the wait is normally 30 seconds. If the KDCs defined are not all turned on, the time spent to finally get a response might be very long. This is especially true for customers having a main KDC and several slave KDCs and the main KDC is in maintenance.

In fact, there is a better way to detect if the KDC server is on by connect() to it first. In this way, an IMCP PortUnreachableException will be thrown in a later send/receive method immediately. Also, when this exception is thrown, we can be sure that the KDC server is off and there is no need to retry this one.

Please note that if a KDC is on but for various reasons it cannot reply in a timely manner, we will still wait for the timeout and do a retry.
Comments
EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a2fc04c2dfc8
23-05-2012