src/java.base/share/conf/security/java.security
changeset 55258 d65d3c37232c
parent 55039 4947a097db60
child 57718 a93b7b28f644
55257:442b86eb633c 55258:d65d3c37232c
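--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -473,10 +473,35 @@
 #   krb5.kdc.bad.policy = tryLess:2,2000
 #
 krb5.kdc.bad.policy = tryLast
 
 #
+# Kerberos cross-realm referrals (RFC 6806)
+#
+# OpenJDK's Kerberos client supports cross-realm referrals as defined in
+# RFC 6806. This allows to setup more dynamic environments in which clients
+# do not need to know in advance how to reach the realm of a target principal
+# (either a user or service).
+#
+# When a client issues an AS or a TGS request, the "canonicalize" option
+# is set to announce support of this feature. A KDC server may fulfill the
+# request or reply referring the client to a different one. If referred,
+# the client will issue a new request and the cycle repeats.
+#
+# In addition to referrals, the "canonicalize" option allows the KDC server
+# to change the client name in response to an AS request. For security reasons,
+# RFC 6806 (section 11) FAST scheme is enforced.
+#
+# Disable Kerberos cross-realm referrals. Value may be overwritten with a
+# System property (-Dsun.security.krb5.disableReferrals).
+sun.security.krb5.disableReferrals=false
+
+# Maximum number of AS or TGS referrals to avoid infinite loops. Value may
+# be overwritten with a System property (-Dsun.security.krb5.maxReferrals).
+sun.security.krb5.maxReferrals=5
+
+#
 # Algorithm restrictions for certification path (CertPath) processing
 #
 # In some environments, certain algorithms or key lengths may be undesirable
 # for certification path building and validation.  For example, "MD2" is
 # generally no longer considered to be a secure hash algorithm.  This section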
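Review bot: The comment block above `sun.security.krb5.disableReferrals=false` says the RFC 6806 section 11 FAST scheme "is enforced", but it does not say what the client does when a KDC changes the client name in an AS reply without that protection, so an administrator cannot tell from this file what is guaranteed. I would state the outcome explicitly, for example `# A client name changed by the KDC is accepted only when the reply is protected as described in RFC 6806 section 11; otherwise the request fails.`, with the wording confirmed against the implementation, which is not visible in this section. The two property comments also leave out that referrals are enabled by default, which presumably means existing clients start following KDC referrals to other realms after upgrading unless they opt out. They also do not say what happens once `sun.security.krb5.maxReferrals` is reached, and "overwritten" should read "overridden" in both.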