[security-dev 01219]: code review request: 6882687 KerberosTime too imprecise
Max (Weijun) Wang
Weijun.Wang at Sun.COM
Wed Sep 16 17:46:12 UTC 2009
Hi Valerie
Please take a review for the fix at
http://cr.openjdk.java.net/~weijun/6882687/webrev.00
Brad
This would fix the IgnoreChannelBindings test failure on CYGWIN.
Thanks
Max
Begin forwarded message:
> From: Weijun.Wang at Sun.COM
> Date: September 17, 2009 1:12:13 AM GMT+08:00
> *Synopsis*: KerberosTime too imprecise
>
> === *Description*
> ============================================================
> Recently I notice a Kerberos test fails on CYGWIN saying an AP-REQ
> is a "replay detected". It turns out that the Windows time (returned
> by new Date()) is too coarse (15 millisecond precision) and the two
> AP-REQs in the test have the same KerberosTime value.
>
> Also, the KerberosTime class is the source of microseconds value
> used in Authenticator etc. Since Date only provides milliseconds,
> this means even if on a system with ideal Date, the microsecond
> value is always a multiple of 1000.
>
More information about the security-dev
mailing list