83             try (DatagramSocket d1 = new DatagramSocket();
  84                  DatagramSocket d2 = new DatagramSocket()) {
  85                 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
  86             }
  87         } else {
  88             try (ServerSocket d1 = new ServerSocket(0);
  89                  ServerSocket d2 = new ServerSocket(0)) {
  90                 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
  91             }
  92         }
  93     }
  94 
  95     static void run(int p1, int p2, int p3) throws Exception {
  96 
  97         // cm.kdc() will return a and b for fake KDCs, and c for real KDC.
  98         cm.addPort(-1).addPort(p1).addPort(p2).addPort(p3);
  99 
 100         System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
 101 
 102         // Check default timeout is 30s. Use real KDC only, otherwise too
 103         // slow to wait for timeout.


 104         writeConf(-1, -1, p3);
 105         test("c30000c30000");
 106 
 107         // 1. Default policy is tryLast
 108         //Security.setProperty("krb5.kdc.bad.policy", "tryLast");
 109 
 110         // Need a real KDC, otherwise there is no last good.
 111         // This test waste 3 seconds waiting for d1 to timeout.
 112         // It is possible the real KDC cannot fulfil the request
 113         // in 3s, so it might fail (either 1st time or 2nd time).
 114         writeConf(1, 3000, p1, p3);
 115         test("a3000c3000c3000|a3000c3000-|a3000c3000c3000a3000-");
 116 
 117         // If a test case won't use a real KDC, it can be sped up.
 118         writeConf(3, 5, p1, p2);
 119         test("a5a5a5b5b5b5-");  // default max_retries == 3
 120         test("a5a5a5b5b5b5-");  // all bad means no bad
 121 
 122         // 2. No policy.
 123         Security.setProperty("krb5.kdc.bad.policy", "");
 124         Config.refresh();
 125 

  83             try (DatagramSocket d1 = new DatagramSocket();
  84                  DatagramSocket d2 = new DatagramSocket()) {
  85                 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
  86             }
  87         } else {
  88             try (ServerSocket d1 = new ServerSocket(0);
  89                  ServerSocket d2 = new ServerSocket(0)) {
  90                 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
  91             }
  92         }
  93     }
  94 
  95     static void run(int p1, int p2, int p3) throws Exception {
  96 
  97         // cm.kdc() will return a and b for fake KDCs, and c for real KDC.
  98         cm.addPort(-1).addPort(p1).addPort(p2).addPort(p3);
  99 
 100         System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
 101 
 102         // Check default timeout is 30s. Use real KDC only, otherwise too
 103         // slow to wait for timeout. Each request (without preauth and with
 104         // preauth) might be retried 3 times, and could fail if one fails for
 105         // all 3 times.
 106         writeConf(-1, -1, p3);
 107         test("(c30000){2,6}|(c30000){3,6}-");
 108 
 109         // 1. Default policy is tryLast
 110         //Security.setProperty("krb5.kdc.bad.policy", "tryLast");
 111 
 112         // Need a real KDC, otherwise there is no last good.
 113         // This test waste 3 seconds waiting for d1 to timeout.
 114         // It is possible the real KDC cannot fulfil the request
 115         // in 3s, so it might fail (either 1st time or 2nd time).
 116         writeConf(1, 3000, p1, p3);
 117         test("a3000c3000c3000|a3000c3000-|a3000c3000c3000a3000-");
 118 
 119         // If a test case won't use a real KDC, it can be sped up.
 120         writeConf(3, 5, p1, p2);
 121         test("a5a5a5b5b5b5-");  // default max_retries == 3
 122         test("a5a5a5b5b5b5-");  // all bad means no bad
 123 
 124         // 2. No policy.
 125         Security.setProperty("krb5.kdc.bad.policy", "");
 126         Config.refresh();
 127