src/share/lib/security/java.security-aix
Print this page
rev 10173 : 8014870: Faster KDC availability check in Kerberos
@@ -376,37 +376,10 @@
# is set then this property is ignored.
#
# Example,
# ocsp.responderCertSerialNumber=2A:FF:00
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-# KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-# KDCs in the blacklist are still tried by their order in the configuration,
-# but with smaller max_retries and timeout values. max_retries and timeout
-# are optional numerical parameters (default 1 and 5000, which means once
-# and 5 seconds). Please notes that if any of the values defined here is
-# more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-# krb5.kdc.bad.policy = tryLast
-# krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
# Algorithm restrictions for certification path (CertPath) processing
#
# In some environments, certain algorithms or key lengths may be undesirable
# for certification path building and validation. For example, "MD2" is
# generally no longer considered to be a secure hash algorithm. This section