src/share/lib/security/java.security-solaris
rev 10173 : 8014870: Faster KDC availability check in Kerberos
*** 376,412 ****
# is set then this property is ignored.
#
# Example,
# ocsp.responderCertSerialNumber=2A:FF:00
- #
- # Policy for failed Kerberos KDC lookups:
- #
- # When a KDC is unavailable (network error, service failure, etc), it is
- # put inside a blacklist and accessed less often for future requests. The
- # value (case-insensitive) for this policy can be:
- #
- # tryLast
- # KDCs in the blacklist are always tried after those not on the list.
- #
- # tryLess[:max_retries,timeout]
- # KDCs in the blacklist are still tried by their order in the configuration,
- # but with smaller max_retries and timeout values. max_retries and timeout
- # are optional numerical parameters (default 1 and 5000, which means once
- # and 5 seconds). Please notes that if any of the values defined here is
- # more than what is defined in krb5.conf, it will be ignored.
- #
- # Whenever a KDC is detected as available, it is removed from the blacklist.
- # The blacklist is reset when krb5.conf is reloaded. You can add
- # refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
- # reloaded whenever a JAAS authentication is attempted.
- #
- # Example,
- # krb5.kdc.bad.policy = tryLast
- # krb5.kdc.bad.policy = tryLess:2,2000
- krb5.kdc.bad.policy = tryLast
-
# Algorithm restrictions for certification path (CertPath) processing
#
# In some environments, certain algorithms or key lengths may be undesirable
# for certification path building and validation. For example, "MD2" is
# generally no longer considered to be a secure hash algorithm. This section
--- 376,385 ----
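Review bot: the removed block at old lines 384-410 takes out both the shipped default `krb5.kdc.bad.policy = tryLast` and the only in-file description of the `tryLast` and `tryLess[:max_retries,timeout]` values, and nothing in this hunk replaces either. If the Kerberos code still reads the property, keep the comment block (or move it to wherever the default now lives) so an administrator who has set `krb5.kdc.bad.policy = tryLess:2,2000` can tell whether it is still honored and what the effective default is. If the property is no longer read, say so in the change description, since a silently ignored setting changes how long clients keep retrying an unavailable KDC. The file name suggests this is the Solaris variant of java.security, so please confirm the other platform variants receive the same edit.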