258 # is set then this property is ignored. |
258 # is set then this property is ignored. |
259 # |
259 # |
260 # Example, |
260 # Example, |
261 # ocsp.responderCertSerialNumber=2A:FF:00 |
261 # ocsp.responderCertSerialNumber=2A:FF:00 |
262 |
262 |
|
263 # |
|
264 # Policy for failed Kerberos KDC lookups: |
|
265 # |
|
266 # When a KDC is unavailable (network error, service failure, etc), it is |
|
267 # put inside a blacklist and accessed less often for future requests. The |
|
268 # value (case-insensitive) for this policy can be: |
|
269 # |
|
270 # tryLast |
|
271 # KDCs in the blacklist are always tried after those not on the list. |
|
272 # |
|
273 # tryLess[:max_retries,timeout] |
|
274 # KDCs in the blacklist are still tried by their order in the configuration, |
|
275 # but with smaller max_retries and timeout values. max_retries and timeout |
|
276 # are optional numerical parameters (default 1 and 5000, which means once |
|
277 # and 5 seconds). Please notes that if any of the values defined here is |
|
278 # more than what is defined in krb5.conf, it will be ignored. |
|
279 # |
|
280 # Whenever a KDC is detected as available, it is removed from the blacklist. |
|
281 # The blacklist is reset when krb5.conf is reloaded. You can add |
|
282 # refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is |
|
283 # reloaded whenever a JAAS authentication is attempted. |
|
284 # |
|
285 # Example, |
|
286 # krb5.kdc.bad.policy = tryLast |
|
287 # krb5.kdc.bad.policy = tryLess:2,2000 |
|
288 krb5.kdc.bad.policy = tryLast |
|
289 |