src/share/lib/security/java.security-aix

rev 10173 : 8014870: Faster KDC availability check in Kerberos

*** 376,412 **** # is set then this property is ignored. # # Example, # ocsp.responderCertSerialNumber=2A:FF:00 - # - # Policy for failed Kerberos KDC lookups: - # - # When a KDC is unavailable (network error, service failure, etc), it is - # put inside a blacklist and accessed less often for future requests. The - # value (case-insensitive) for this policy can be: - # - # tryLast - # KDCs in the blacklist are always tried after those not on the list. - # - # tryLess[:max_retries,timeout] - # KDCs in the blacklist are still tried by their order in the configuration, - # but with smaller max_retries and timeout values. max_retries and timeout - # are optional numerical parameters (default 1 and 5000, which means once - # and 5 seconds). Please notes that if any of the values defined here is - # more than what is defined in krb5.conf, it will be ignored. - # - # Whenever a KDC is detected as available, it is removed from the blacklist. - # The blacklist is reset when krb5.conf is reloaded. You can add - # refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is - # reloaded whenever a JAAS authentication is attempted. - # - # Example, - # krb5.kdc.bad.policy = tryLast - # krb5.kdc.bad.policy = tryLess:2,2000 - krb5.kdc.bad.policy = tryLast - # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable # for certification path building and validation. For example, "MD2" is # generally no longer considered to be a secure hash algorithm. This section --- 376,385 ----
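
Review bot: In the removed range 376-412, the active setting `krb5.kdc.bad.policy = tryLast` is deleted together with its whole comment block, and the new range 376-385 shown here carries no replacement, so anyone relying on this file for the bad-KDC policy now depends on whatever the code does when the property is unset. Please state in the change description whether the behaviour with the property absent is still equivalent to `tryLast`, and whether a site-customized `tryLess[:max_retries,timeout]` value is still read. If the property is still honored, keep the documentation block in this file (correcting "Please notes" to "Please note") instead of dropping it; if it is no longer honored, say so explicitly so that administrators know an existing `krb5.kdc.bad.policy` line is now ignored.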